Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-34750
Vulnerability from cvelistv5
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache Tomcat |
Version: 11.0.0-M1 ≤ 11.0.0-M20 Version: 10.1.0-M1 ≤ 10.1.24 Version: 9.0.0-M1 ≤ 9.0.89 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "tomcat", vendor: "apache", versions: [ { lessThanOrEqual: "9.0.89", status: "affected", version: "9.0.0-m1", versionType: "semver", }, { lessThanOrEqual: "10.1.24", status: "affected", version: "10.1.0-m1", versionType: "semver", }, { lessThanOrEqual: "11.0.0-m20", status: "affected", version: "11.0.0-m1", versionType: "semver", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-34750", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-08T16:51:20.954347Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-13T16:05:56.107Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-16T17:02:39.887Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, { url: "https://security.netapp.com/advisory/ntap-20240816-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Tomcat", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "11.0.0-M20", status: "affected", version: "11.0.0-M1", versionType: "semver", }, { lessThanOrEqual: "10.1.24", status: "affected", version: "10.1.0-M1", versionType: "semver", }, { lessThanOrEqual: "9.0.89", status: "affected", version: "9.0.0-M1", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "devme4f from VNPT-VCI", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.</p><p>This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.</p><p>Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.</p>", }, ], value: "Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.\n\n", }, ], metrics: [ { other: { content: { text: "important", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-755", description: "CWE-755 Improper Handling of Exceptional Conditions", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-03T19:32:34.695Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], source: { discovery: "EXTERNAL", }, title: "Apache Tomcat: HTTP/2 excess header handling DoS", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-34750", datePublished: "2024-07-03T19:32:34.695Z", dateReserved: "2024-05-08T07:23:16.760Z", dateUpdated: "2024-08-16T17:02:39.887Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { descriptions: "[{\"lang\": \"en\", \"value\": \"Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\\n\\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Manejo inadecuado de condiciones excepcionales, vulnerabilidad de consumo incontrolado de recursos en Apache Tomcat. Al procesar una secuencia HTTP/2, Tomcat no manej\\u00f3 correctamente algunos casos de encabezados HTTP excesivos. Esto llev\\u00f3 a un conteo err\\u00f3neo de flujos HTTP/2 activos que a su vez llev\\u00f3 al uso de un tiempo de espera infinito incorrecto que permiti\\u00f3 que las conexiones permanecieran abiertas y que deber\\u00edan haberse cerrado. Este problema afecta a Apache Tomcat: desde 11.0.0-M1 hasta 11.0.0-M20, desde 10.1.0-M1 hasta 10.1.24, desde 9.0.0-M1 hasta 9.0.89. Se recomienda a los usuarios actualizar a la versi\\u00f3n 11.0.0-M21, 10.1.25 o 9.0.90, que soluciona el problema.\"}]", id: "CVE-2024-34750", lastModified: "2024-11-21T09:19:19.377", metrics: "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}", published: "2024-07-03T20:15:04.083", references: "[{\"url\": \"https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240816-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", sourceIdentifier: "security@apache.org", vulnStatus: "Awaiting Analysis", weaknesses: "[{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}, {\"lang\": \"en\", \"value\": \"CWE-755\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2024-34750\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-07-03T20:15:04.083\",\"lastModified\":\"2024-11-21T09:19:19.377\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\\n\\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Manejo inadecuado de condiciones excepcionales, vulnerabilidad de consumo incontrolado de recursos en Apache Tomcat. Al procesar una secuencia HTTP/2, Tomcat no manejó correctamente algunos casos de encabezados HTTP excesivos. Esto llevó a un conteo erróneo de flujos HTTP/2 activos que a su vez llevó al uso de un tiempo de espera infinito incorrecto que permitió que las conexiones permanecieran abiertas y que deberían haberse cerrado. Este problema afecta a Apache Tomcat: desde 11.0.0-M1 hasta 11.0.0-M20, desde 10.1.0-M1 hasta 10.1.24, desde 9.0.0-M1 hasta 9.0.89. Se recomienda a los usuarios actualizar a la versión 11.0.0-M21, 10.1.25 o 9.0.90, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"},{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240816-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240816-0004/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-16T17:02:39.887Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-34750\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-08T16:51:20.954347Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0.0-m1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.0.89\"}, {\"status\": \"affected\", \"version\": \"10.1.0-m1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.24\"}, {\"status\": \"affected\", \"version\": \"11.0.0-m1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.0-m20\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-08T16:54:33.007Z\"}}], \"cna\": {\"title\": \"Apache Tomcat: HTTP/2 excess header handling DoS\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"devme4f from VNPT-VCI\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.0-M20\"}, {\"status\": \"affected\", \"version\": \"10.1.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.24\"}, {\"status\": \"affected\", \"version\": \"9.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.0.89\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\\n\\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"<p>Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.</p><p>This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.</p><p>Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.</p>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-755\", \"description\": \"CWE-755 Improper Handling of Exceptional Conditions\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-07-03T19:32:34.695Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-34750\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-16T17:02:39.887Z\", \"dateReserved\": \"2024-05-08T07:23:16.760Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-07-03T19:32:34.695Z\", \"assignerShortName\": \"apache\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
rhsa-2024:4977
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Web Server 6.0.3 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 6.0.3 serves as a replacement for Red Hat JBoss Web Server 6.0.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* jws6-tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n* jws6-tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4977", url: "https://access.redhat.com/errata/RHSA-2024:4977", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.0/html-single/red_hat_jboss_web_server_6.0_service_pack_3_release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.0/html-single/red_hat_jboss_web_server_6.0_service_pack_3_release_notes/index", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4977.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 6.0.3 release and security update", tracking: { current_release_date: "2024-11-26T18:08:39+00:00", generator: { date: "2024-11-26T18:08:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:4977", initial_release_date: "2024-08-06T11:07:16+00:00", revision_history: [ { date: "2024-08-06T11:07:16+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-01T11:35:45+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 6", product: { name: "Red Hat JBoss Web Server 6", product_id: "Red Hat JBoss Web Server 6", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:6.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 6", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T11:07:16+00:00", details: "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", product_ids: [ "Red Hat JBoss Web Server 6", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4977", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat JBoss Web Server 6", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Web Server 6", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 6", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T11:07:16+00:00", details: "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", product_ids: [ "Red Hat JBoss Web Server 6", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4977", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat JBoss Web Server 6", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Web Server 6", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
rhsa-2024_5694
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for tomcat is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n\n* tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5694", url: "https://access.redhat.com/errata/RHSA-2024:5694", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5694.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-26T18:08:39+00:00", generator: { date: "2024-11-26T18:08:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5694", initial_release_date: "2024-08-21T11:53:16+00:00", revision_history: [ { date: "2024-08-21T11:53:16+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-09T18:25:54+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el8_10.2.src", product: { name: "tomcat-1:9.0.87-1.el8_10.2.src", product_id: "tomcat-1:9.0.87-1.el8_10.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el8_10.2?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-lib-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-lib-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-lib-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el8_10.2.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", }, product_reference: "tomcat-1:9.0.87-1.el8_10.2.src", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-lib-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:53:16+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5694", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:53:16+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5694", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
RHSA-2024:5024
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Web Server 5.8 on Red Hat Enterprise Linux versions 7, 8, and 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.8.1 serves as a replacement for Red Hat JBoss Web Server 5.8.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* jws5-tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n* jws5-tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5024", url: "https://access.redhat.com/errata/RHSA-2024:5024", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/5.8/html-single/red_hat_jboss_web_server_5.8_service_pack_1_release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/5.8/html-single/red_hat_jboss_web_server_5.8_service_pack_1_release_notes/index", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5024.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.1 release and security update", tracking: { current_release_date: "2024-11-26T18:07:56+00:00", generator: { date: "2024-11-26T18:07:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5024", initial_release_date: "2024-08-06T13:51:19+00:00", revision_history: [ { date: "2024-08-06T13:51:19+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-01T13:29:29+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:07:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product: { name: "Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:5.8::el7", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Server 5.8 for RHEL 8", product: { name: "Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:5.8::el8", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Server 5.8 for RHEL 9", product: { name: "Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:5.8::el9", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, { branches: [ { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el7jws?arch=src", }, }, }, { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el8jws?arch=src", }, }, }, { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el9jws?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-java-jdk11@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-java-jdk8@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-lib@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-lib@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-lib@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T13:51:19+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5024", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T13:51:19+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5024", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
rhsa-2024:5695
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n\n* tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5695", url: "https://access.redhat.com/errata/RHSA-2024:5695", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5695.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-26T18:08:50+00:00", generator: { date: "2024-11-26T18:08:50+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5695", initial_release_date: "2024-08-21T11:53:47+00:00", revision_history: [ { date: "2024-08-21T11:53:47+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-10T18:15:46+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:50+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.8)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el8_8.3.src", product: { name: "tomcat-1:9.0.87-1.el8_8.3.src", product_id: "tomcat-1:9.0.87-1.el8_8.3.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el8_8.3?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-lib-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-lib-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-lib-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el8_8.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", }, product_reference: "tomcat-1:9.0.87-1.el8_8.3.src", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-lib-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:53:47+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5695", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:53:47+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5695", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
RHSA-2024:5694
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for tomcat is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n\n* tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5694", url: "https://access.redhat.com/errata/RHSA-2024:5694", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5694.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-26T18:08:39+00:00", generator: { date: "2024-11-26T18:08:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5694", initial_release_date: "2024-08-21T11:53:16+00:00", revision_history: [ { date: "2024-08-21T11:53:16+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-09T18:25:54+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el8_10.2.src", product: { name: "tomcat-1:9.0.87-1.el8_10.2.src", product_id: "tomcat-1:9.0.87-1.el8_10.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el8_10.2?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-lib-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-lib-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-lib-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el8_10.2.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", }, product_reference: "tomcat-1:9.0.87-1.el8_10.2.src", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-lib-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:53:16+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5694", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:53:16+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5694", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
rhsa-2024_4977
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Web Server 6.0.3 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 6.0.3 serves as a replacement for Red Hat JBoss Web Server 6.0.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* jws6-tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n* jws6-tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4977", url: "https://access.redhat.com/errata/RHSA-2024:4977", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.0/html-single/red_hat_jboss_web_server_6.0_service_pack_3_release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.0/html-single/red_hat_jboss_web_server_6.0_service_pack_3_release_notes/index", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4977.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 6.0.3 release and security update", tracking: { current_release_date: "2024-11-26T18:08:39+00:00", generator: { date: "2024-11-26T18:08:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:4977", initial_release_date: "2024-08-06T11:07:16+00:00", revision_history: [ { date: "2024-08-06T11:07:16+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-01T11:35:45+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 6", product: { name: "Red Hat JBoss Web Server 6", product_id: "Red Hat JBoss Web Server 6", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:6.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 6", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T11:07:16+00:00", details: "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", product_ids: [ "Red Hat JBoss Web Server 6", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4977", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat JBoss Web Server 6", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Web Server 6", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 6", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T11:07:16+00:00", details: "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", product_ids: [ "Red Hat JBoss Web Server 6", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4977", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat JBoss Web Server 6", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Web Server 6", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
rhsa-2024:5024
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Web Server 5.8 on Red Hat Enterprise Linux versions 7, 8, and 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.8.1 serves as a replacement for Red Hat JBoss Web Server 5.8.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* jws5-tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n* jws5-tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5024", url: "https://access.redhat.com/errata/RHSA-2024:5024", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/5.8/html-single/red_hat_jboss_web_server_5.8_service_pack_1_release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/5.8/html-single/red_hat_jboss_web_server_5.8_service_pack_1_release_notes/index", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5024.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.1 release and security update", tracking: { current_release_date: "2024-11-26T18:07:56+00:00", generator: { date: "2024-11-26T18:07:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5024", initial_release_date: "2024-08-06T13:51:19+00:00", revision_history: [ { date: "2024-08-06T13:51:19+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-01T13:29:29+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:07:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product: { name: "Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:5.8::el7", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Server 5.8 for RHEL 8", product: { name: "Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:5.8::el8", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Server 5.8 for RHEL 9", product: { name: "Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:5.8::el9", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, { branches: [ { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el7jws?arch=src", }, }, }, { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el8jws?arch=src", }, }, }, { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el9jws?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-java-jdk11@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-java-jdk8@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-lib@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-lib@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-lib@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T13:51:19+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5024", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T13:51:19+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5024", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
RHSA-2024:4977
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Web Server 6.0.3 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 6.0.3 serves as a replacement for Red Hat JBoss Web Server 6.0.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* jws6-tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n* jws6-tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4977", url: "https://access.redhat.com/errata/RHSA-2024:4977", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.0/html-single/red_hat_jboss_web_server_6.0_service_pack_3_release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.0/html-single/red_hat_jboss_web_server_6.0_service_pack_3_release_notes/index", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4977.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 6.0.3 release and security update", tracking: { current_release_date: "2024-11-26T18:08:39+00:00", generator: { date: "2024-11-26T18:08:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:4977", initial_release_date: "2024-08-06T11:07:16+00:00", revision_history: [ { date: "2024-08-06T11:07:16+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-01T11:35:45+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 6", product: { name: "Red Hat JBoss Web Server 6", product_id: "Red Hat JBoss Web Server 6", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:6.0", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 6", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T11:07:16+00:00", details: "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", product_ids: [ "Red Hat JBoss Web Server 6", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4977", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat JBoss Web Server 6", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Web Server 6", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 6", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T11:07:16+00:00", details: "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", product_ids: [ "Red Hat JBoss Web Server 6", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4977", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat JBoss Web Server 6", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Web Server 6", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
RHSA-2024:5693
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for tomcat is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n\n* tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5693", url: "https://access.redhat.com/errata/RHSA-2024:5693", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5693.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-26T18:08:18+00:00", generator: { date: "2024-11-26T18:08:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5693", initial_release_date: "2024-08-21T11:56:16+00:00", revision_history: [ { date: "2024-08-21T11:56:16+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-09T18:20:03+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el9_4.2.src", product: { name: "tomcat-1:9.0.87-1.el9_4.2.src", product_id: "tomcat-1:9.0.87-1.el9_4.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el9_4.2?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-lib-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-lib-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-lib-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el9_4.2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", }, product_reference: "tomcat-1:9.0.87-1.el9_4.2.src", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-lib-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:56:16+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5693", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:56:16+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5693", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
rhsa-2024:5693
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for tomcat is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n\n* tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5693", url: "https://access.redhat.com/errata/RHSA-2024:5693", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5693.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-26T18:08:18+00:00", generator: { date: "2024-11-26T18:08:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5693", initial_release_date: "2024-08-21T11:56:16+00:00", revision_history: [ { date: "2024-08-21T11:56:16+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-09T18:20:03+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el9_4.2.src", product: { name: "tomcat-1:9.0.87-1.el9_4.2.src", product_id: "tomcat-1:9.0.87-1.el9_4.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el9_4.2?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-lib-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-lib-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-lib-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el9_4.2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", }, product_reference: "tomcat-1:9.0.87-1.el9_4.2.src", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-lib-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:56:16+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5693", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:56:16+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5693", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
RHSA-2024:4976
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Web Server 6.0.3 on Red Hat Enterprise Linux versions 8 and 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 6.0.3 serves as a replacement for Red Hat JBoss Web Server 6.0.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* jws6-tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n* jws6-tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4976", url: "https://access.redhat.com/errata/RHSA-2024:4976", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.0/html-single/red_hat_jboss_web_server_6.0_service_pack_3_release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.0/html-single/red_hat_jboss_web_server_6.0_service_pack_3_release_notes/index", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4976.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 6.0.3 release and security update", tracking: { current_release_date: "2024-11-26T18:08:49+00:00", generator: { date: "2024-11-26T18:08:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:4976", initial_release_date: "2024-08-06T13:50:14+00:00", revision_history: [ { date: "2024-08-06T13:50:14+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-01T11:42:28+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 6.0 for RHEL 8", product: { name: "Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:6.0::el8", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Server 6.0 for RHEL 9", product: { name: "Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:6.0::el9", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, { branches: [ { category: "product_version", name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", product: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", product_id: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1.el8jws?arch=src", }, }, }, { category: "product_version", name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", product: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", product_id: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1.el9jws?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-lib@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-lib@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", }, product_reference: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", }, product_reference: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T13:50:14+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4976", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T13:50:14+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4976", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
rhsa-2024:5025
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Web Server 5.8.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.8.1 serves as a replacement for Red Hat JBoss Web Server 5.8.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* jws5-tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n* jws5-tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5025", url: "https://access.redhat.com/errata/RHSA-2024:5025", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/5.8/html-single/red_hat_jboss_web_server_5.8_service_pack_1_release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/5.8/html-single/red_hat_jboss_web_server_5.8_service_pack_1_release_notes/index", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5025.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.1 release and security update", tracking: { current_release_date: "2024-11-26T18:08:07+00:00", generator: { date: "2024-11-26T18:08:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5025", initial_release_date: "2024-08-06T10:49:14+00:00", revision_history: [ { date: "2024-08-06T10:49:14+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-01T13:29:13+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 5", product: { name: "Red Hat JBoss Web Server 5", product_id: "Red Hat JBoss Web Server 5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:5.8", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 5", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T10:49:14+00:00", details: "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", product_ids: [ "Red Hat JBoss Web Server 5", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5025", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat JBoss Web Server 5", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Web Server 5", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 5", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T10:49:14+00:00", details: "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", product_ids: [ "Red Hat JBoss Web Server 5", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5025", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat JBoss Web Server 5", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Web Server 5", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
rhsa-2024_5693
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for tomcat is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n\n* tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5693", url: "https://access.redhat.com/errata/RHSA-2024:5693", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5693.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-26T18:08:18+00:00", generator: { date: "2024-11-26T18:08:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5693", initial_release_date: "2024-08-21T11:56:16+00:00", revision_history: [ { date: "2024-08-21T11:56:16+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-09T18:20:03+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el9_4.2.src", product: { name: "tomcat-1:9.0.87-1.el9_4.2.src", product_id: "tomcat-1:9.0.87-1.el9_4.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el9_4.2?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-lib-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-lib-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-lib-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", product: { name: "tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", product_id: "tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el9_4.2?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el9_4.2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", }, product_reference: "tomcat-1:9.0.87-1.el9_4.2.src", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-lib-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-1:9.0.87-1.el9_4.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", }, product_reference: "tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:56:16+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5693", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:56:16+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5693", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el9_4.2.src", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_4.2.noarch", "AppStream-9.4.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el9_4.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
rhsa-2024:4976
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Web Server 6.0.3 on Red Hat Enterprise Linux versions 8 and 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 6.0.3 serves as a replacement for Red Hat JBoss Web Server 6.0.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* jws6-tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n* jws6-tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4976", url: "https://access.redhat.com/errata/RHSA-2024:4976", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.0/html-single/red_hat_jboss_web_server_6.0_service_pack_3_release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.0/html-single/red_hat_jboss_web_server_6.0_service_pack_3_release_notes/index", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4976.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 6.0.3 release and security update", tracking: { current_release_date: "2024-11-26T18:08:49+00:00", generator: { date: "2024-11-26T18:08:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:4976", initial_release_date: "2024-08-06T13:50:14+00:00", revision_history: [ { date: "2024-08-06T13:50:14+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-01T11:42:28+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 6.0 for RHEL 8", product: { name: "Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:6.0::el8", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Server 6.0 for RHEL 9", product: { name: "Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:6.0::el9", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, { branches: [ { category: "product_version", name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", product: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", product_id: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1.el8jws?arch=src", }, }, }, { category: "product_version", name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", product: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", product_id: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1.el9jws?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-lib@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-lib@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", }, product_reference: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", }, product_reference: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T13:50:14+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4976", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T13:50:14+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4976", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
RHSA-2024:5695
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n\n* tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5695", url: "https://access.redhat.com/errata/RHSA-2024:5695", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5695.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-26T18:08:50+00:00", generator: { date: "2024-11-26T18:08:50+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5695", initial_release_date: "2024-08-21T11:53:47+00:00", revision_history: [ { date: "2024-08-21T11:53:47+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-10T18:15:46+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:50+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.8)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el8_8.3.src", product: { name: "tomcat-1:9.0.87-1.el8_8.3.src", product_id: "tomcat-1:9.0.87-1.el8_8.3.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el8_8.3?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-lib-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-lib-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-lib-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el8_8.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", }, product_reference: "tomcat-1:9.0.87-1.el8_8.3.src", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-lib-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:53:47+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5695", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:53:47+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5695", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
rhsa-2024:5694
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for tomcat is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n\n* tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5694", url: "https://access.redhat.com/errata/RHSA-2024:5694", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5694.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-26T18:08:39+00:00", generator: { date: "2024-11-26T18:08:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5694", initial_release_date: "2024-08-21T11:53:16+00:00", revision_history: [ { date: "2024-08-21T11:53:16+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-09T18:25:54+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el8_10.2.src", product: { name: "tomcat-1:9.0.87-1.el8_10.2.src", product_id: "tomcat-1:9.0.87-1.el8_10.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el8_10.2?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-lib-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-lib-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-lib-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", product: { name: "tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", product_id: "tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el8_10.2?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el8_10.2.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", }, product_reference: "tomcat-1:9.0.87-1.el8_10.2.src", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-lib-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-1:9.0.87-1.el8_10.2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", }, product_reference: "tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:53:16+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5694", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:53:16+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5694", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-1:9.0.87-1.el8_10.2.src", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-lib-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_10.2.noarch", "AppStream-8.10.0.Z.MAIN.EUS:tomcat-webapps-1:9.0.87-1.el8_10.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
rhsa-2024_4976
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Web Server 6.0.3 on Red Hat Enterprise Linux versions 8 and 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 6.0.3 serves as a replacement for Red Hat JBoss Web Server 6.0.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* jws6-tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n* jws6-tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:4976", url: "https://access.redhat.com/errata/RHSA-2024:4976", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.0/html-single/red_hat_jboss_web_server_6.0_service_pack_3_release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/6.0/html-single/red_hat_jboss_web_server_6.0_service_pack_3_release_notes/index", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4976.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 6.0.3 release and security update", tracking: { current_release_date: "2024-11-26T18:08:49+00:00", generator: { date: "2024-11-26T18:08:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:4976", initial_release_date: "2024-08-06T13:50:14+00:00", revision_history: [ { date: "2024-08-06T13:50:14+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-01T11:42:28+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 6.0 for RHEL 8", product: { name: "Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:6.0::el8", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Server 6.0 for RHEL 9", product: { name: "Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:6.0::el9", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, { branches: [ { category: "product_version", name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", product: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", product_id: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1.el8jws?arch=src", }, }, }, { category: "product_version", name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", product: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", product_id: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1.el9jws?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-lib@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product: { name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_id: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.8-10.redhat_00018.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-admin-webapps@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-docs-webapp@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-el-5.0-api@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-javadoc@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-jsp-3.1-api@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-lib@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-selinux@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-servlet-6.0-api@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product: { name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_id: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws6-tomcat-webapps@10.1.8-10.redhat_00018.1.el9jws?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", }, product_reference: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 8", product_id: "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", }, product_reference: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", }, product_reference: "jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, { category: "default_component_of", full_product_name: { name: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch as a component of Red Hat JBoss Web Server 6.0 for RHEL 9", product_id: "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", }, product_reference: "jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-6.0", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T13:50:14+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4976", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T13:50:14+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:4976", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el8jws.src", "8Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "8Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el8jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-0:10.1.8-10.redhat_00018.1.el9jws.src", "9Base-JWS-6.0:jws6-tomcat-admin-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-docs-webapp-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-el-5.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-javadoc-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-jsp-3.1-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-lib-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-selinux-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-servlet-6.0-api-0:10.1.8-10.redhat_00018.1.el9jws.noarch", "9Base-JWS-6.0:jws6-tomcat-webapps-0:10.1.8-10.redhat_00018.1.el9jws.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
rhsa-2024_5695
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n\n* tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5695", url: "https://access.redhat.com/errata/RHSA-2024:5695", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5695.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-26T18:08:50+00:00", generator: { date: "2024-11-26T18:08:50+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5695", initial_release_date: "2024-08-21T11:53:47+00:00", revision_history: [ { date: "2024-08-21T11:53:47+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-10T18:15:46+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:50+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.8)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el8_8.3.src", product: { name: "tomcat-1:9.0.87-1.el8_8.3.src", product_id: "tomcat-1:9.0.87-1.el8_8.3.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el8_8.3?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-lib-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-lib-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-lib-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", product: { name: "tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", product_id: "tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el8_8.3?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el8_8.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", }, product_reference: "tomcat-1:9.0.87-1.el8_8.3.src", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-lib-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-1:9.0.87-1.el8_8.3.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", }, product_reference: "tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:53:47+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5695", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:53:47+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5695", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-1:9.0.87-1.el8_8.3.src", "AppStream-8.8.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-lib-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el8_8.3.noarch", "AppStream-8.8.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el8_8.3.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
RHSA-2024:5696
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n\n* tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5696", url: "https://access.redhat.com/errata/RHSA-2024:5696", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5696.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-26T18:08:28+00:00", generator: { date: "2024-11-26T18:08:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5696", initial_release_date: "2024-08-21T11:56:41+00:00", revision_history: [ { date: "2024-08-21T11:56:41+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-09T18:17:28+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.9.2)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:9.2::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el9_2.2.src", product: { name: "tomcat-1:9.0.87-1.el9_2.2.src", product_id: "tomcat-1:9.0.87-1.el9_2.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el9_2.2?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-lib-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-lib-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-lib-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el9_2.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", }, product_reference: "tomcat-1:9.0.87-1.el9_2.2.src", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-lib-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:56:41+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5696", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:56:41+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5696", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
rhsa-2024_5696
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n\n* tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5696", url: "https://access.redhat.com/errata/RHSA-2024:5696", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5696.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-26T18:08:28+00:00", generator: { date: "2024-11-26T18:08:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5696", initial_release_date: "2024-08-21T11:56:41+00:00", revision_history: [ { date: "2024-08-21T11:56:41+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-09T18:17:28+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.9.2)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:9.2::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el9_2.2.src", product: { name: "tomcat-1:9.0.87-1.el9_2.2.src", product_id: "tomcat-1:9.0.87-1.el9_2.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el9_2.2?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-lib-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-lib-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-lib-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el9_2.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", }, product_reference: "tomcat-1:9.0.87-1.el9_2.2.src", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-lib-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:56:41+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5696", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:56:41+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5696", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
rhsa-2024_5024
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for Red Hat JBoss Web Server 5.8 on Red Hat Enterprise Linux versions 7, 8, and 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.8.1 serves as a replacement for Red Hat JBoss Web Server 5.8.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* jws5-tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n* jws5-tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5024", url: "https://access.redhat.com/errata/RHSA-2024:5024", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/5.8/html-single/red_hat_jboss_web_server_5.8_service_pack_1_release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/5.8/html-single/red_hat_jboss_web_server_5.8_service_pack_1_release_notes/index", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5024.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.1 release and security update", tracking: { current_release_date: "2024-11-26T18:07:56+00:00", generator: { date: "2024-11-26T18:07:56+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5024", initial_release_date: "2024-08-06T13:51:19+00:00", revision_history: [ { date: "2024-08-06T13:51:19+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-01T13:29:29+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:07:56+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product: { name: "Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:5.8::el7", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Server 5.8 for RHEL 8", product: { name: "Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:5.8::el8", }, }, }, { category: "product_name", name: "Red Hat JBoss Web Server 5.8 for RHEL 9", product: { name: "Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:5.8::el9", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, { branches: [ { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el7jws?arch=src", }, }, }, { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el8jws?arch=src", }, }, }, { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el9jws?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-java-jdk11@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-java-jdk8@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-lib@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_id: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.87-5.redhat_00005.1.el7jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-lib@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_id: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.87-5.redhat_00005.1.el8jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-admin-webapps@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-docs-webapp@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-el-3.0-api@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-javadoc@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-jsp-2.3-api@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-lib@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-selinux@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-servlet-4.0-api@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, { category: "product_version", name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_id: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jws5-tomcat-webapps@9.0.87-5.redhat_00005.1.el9jws?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 7 Server", product_id: "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", }, product_reference: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", relates_to_product_reference: "7Server-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 8", product_id: "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", }, product_reference: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", relates_to_product_reference: "8Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", }, product_reference: "jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, { category: "default_component_of", full_product_name: { name: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch as a component of Red Hat JBoss Web Server 5.8 for RHEL 9", product_id: "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", }, product_reference: "jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", relates_to_product_reference: "9Base-JWS-5.8", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T13:51:19+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5024", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T13:51:19+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5024", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el7jws.src", "7Server-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk11-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-java-jdk8-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "7Server-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el7jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el8jws.src", "8Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "8Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el8jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-0:9.0.87-5.redhat_00005.1.el9jws.src", "9Base-JWS-5.8:jws5-tomcat-admin-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-docs-webapp-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-el-3.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-javadoc-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-jsp-2.3-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-lib-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-selinux-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-servlet-4.0-api-0:9.0.87-5.redhat_00005.1.el9jws.noarch", "9Base-JWS-5.8:jws5-tomcat-webapps-0:9.0.87-5.redhat_00005.1.el9jws.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
rhsa-2024:5696
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n\n* tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5696", url: "https://access.redhat.com/errata/RHSA-2024:5696", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5696.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-26T18:08:28+00:00", generator: { date: "2024-11-26T18:08:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5696", initial_release_date: "2024-08-21T11:56:41+00:00", revision_history: [ { date: "2024-08-21T11:56:41+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-09T18:17:28+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.9.2)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:9.2::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el9_2.2.src", product: { name: "tomcat-1:9.0.87-1.el9_2.2.src", product_id: "tomcat-1:9.0.87-1.el9_2.2.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el9_2.2?arch=src&epoch=1", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-admin-webapps@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-docs-webapp@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-el-3.0-api@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-jsp-2.3-api@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-lib-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-lib-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-lib-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-lib@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-servlet-4.0-api@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", product: { name: "tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", product_id: "tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat-webapps@9.0.87-1.el9_2.2?arch=noarch&epoch=1", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-1:9.0.87-1.el9_2.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", }, product_reference: "tomcat-1:9.0.87-1.el9_2.2.src", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-lib-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-1:9.0.87-1.el9_2.2.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", }, product_reference: "tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:56:41+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5696", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-21T11:56:41+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5696", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-1:9.0.87-1.el9_2.2.src", "AppStream-9.2.0.Z.EUS:tomcat-admin-webapps-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-docs-webapp-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-el-3.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-jsp-2.3-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-lib-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-servlet-4.0-api-1:9.0.87-1.el9_2.2.noarch", "AppStream-9.2.0.Z.EUS:tomcat-webapps-1:9.0.87-1.el9_2.2.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
RHSA-2024:5025
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Web Server 5.8.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.8.1 serves as a replacement for Red Hat JBoss Web Server 5.8.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* jws5-tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n* jws5-tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5025", url: "https://access.redhat.com/errata/RHSA-2024:5025", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/5.8/html-single/red_hat_jboss_web_server_5.8_service_pack_1_release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/5.8/html-single/red_hat_jboss_web_server_5.8_service_pack_1_release_notes/index", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5025.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.1 release and security update", tracking: { current_release_date: "2024-11-26T18:08:07+00:00", generator: { date: "2024-11-26T18:08:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5025", initial_release_date: "2024-08-06T10:49:14+00:00", revision_history: [ { date: "2024-08-06T10:49:14+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-01T13:29:13+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 5", product: { name: "Red Hat JBoss Web Server 5", product_id: "Red Hat JBoss Web Server 5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:5.8", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 5", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T10:49:14+00:00", details: "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", product_ids: [ "Red Hat JBoss Web Server 5", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5025", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat JBoss Web Server 5", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Web Server 5", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 5", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T10:49:14+00:00", details: "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", product_ids: [ "Red Hat JBoss Web Server 5", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5025", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat JBoss Web Server 5", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Web Server 5", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
rhsa-2024_5025
Vulnerability from csaf_redhat
Notes
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Web Server 5.8.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.8.1 serves as a replacement for Red Hat JBoss Web Server 5.8.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section.\n\nSecurity Fix(es):\n\n* jws5-tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750)\n* jws5-tomcat: Denial of Service in Tomcat (CVE-2024-38286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:5025", url: "https://access.redhat.com/errata/RHSA-2024:5025", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/5.8/html-single/red_hat_jboss_web_server_5.8_service_pack_1_release_notes/index", url: "https://docs.redhat.com/en/documentation/red_hat_jboss_web_server/5.8/html-single/red_hat_jboss_web_server_5.8_service_pack_1_release_notes/index", }, { category: "external", summary: "2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_5025.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.1 release and security update", tracking: { current_release_date: "2024-11-26T18:08:07+00:00", generator: { date: "2024-11-26T18:08:07+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:5025", initial_release_date: "2024-08-06T10:49:14+00:00", revision_history: [ { date: "2024-08-06T10:49:14+00:00", number: "1", summary: "Initial version", }, { date: "2024-10-01T13:29:13+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-26T18:08:07+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Web Server 5", product: { name: "Red Hat JBoss Web Server 5", product_id: "Red Hat JBoss Web Server 5", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:5.8", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, discovery_date: "2024-07-03T20:41:10+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295651", }, ], notes: [ { category: "description", text: "A vulnerability was found in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This issue led to a miscounting of active HTTP/2 streams, which in turn led to using an incorrect infinite timeout that allowed connections to remain open that should have been closed.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Improper Handling of Exceptional Conditions", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in Apache Tomcat is significant due to its impact on the stability and security of web applications relying on HTTP/2. The improper handling of excessive HTTP headers during HTTP/2 stream processing leads to an inaccurate count of active streams. This miscount causes the application to apply an incorrect infinite timeout, allowing connections to persist indefinitely. Such behavior results in uncontrolled resource consumption, potentially exhausting server resources and leading to denial of service (DoS) conditions. By exploiting this flaw, an attacker could degrade the performance or availability of the server.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 5", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "RHBZ#2295651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-34750", url: "https://www.cve.org/CVERecord?id=CVE-2024-34750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, ], release_date: "2024-07-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T10:49:14+00:00", details: "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", product_ids: [ "Red Hat JBoss Web Server 5", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5025", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat JBoss Web Server 5", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Web Server 5", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Improper Handling of Exceptional Conditions", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-25T15:03:31.413000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2314686", }, ], notes: [ { category: "description", text: "A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Denial of Service in Tomcat", title: "Vulnerability summary", }, { category: "other", text: "CVE-2024-38286 represents an important security issue due to its potential to cause an `OutOfMemoryError` through the exploitation of the TLS handshake process in Apache Tomcat. This vulnerability specifically impacts configurations using TLS 1.3, which is increasingly adopted for secure communications. The ability for an attacker to trigger an OutOfMemoryError can lead to a denial-of-service (DoS) condition, effectively rendering the application or server inoperable.\n\nThe issue only affects configurations that utilize TLS 1.3.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Web Server 5", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-38286", }, { category: "external", summary: "RHBZ#2314686", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2314686", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-38286", url: "https://www.cve.org/CVERecord?id=CVE-2024-38286", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-38286", }, { category: "external", summary: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", url: "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s", }, ], release_date: "2024-09-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-08-06T10:49:14+00:00", details: "Before applying the update, back up your existing Red Hat JBoss Web Server installation, including all applications and configuration files.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.", product_ids: [ "Red Hat JBoss Web Server 5", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:5025", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat JBoss Web Server 5", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Web Server 5", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat: Denial of Service in Tomcat", }, ], }
ncsc-2024-0466
Vulnerability from csaf_ncscnl
Notes
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Atlassian heeft kwetsbaarheden verholpen in diverse producten als Jira, Bamboo en Confluence.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden bevinden zich in verschillende third party componenten van ontwikkelaars zoals Oracle, RedHat en het Apache consortium. Deze kwetsbaarheden kunnen leiden tot geheugenuitputting en Denial-of-Service (DoS) door onjuiste invoerbeperkingen. Aanvallers kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen, wat kan resulteren in systeeminstabiliteit en crashes.\nVoor de kwetsbaarheden zijn door de diverse ontwikkelaars updates uitgebracht om ze te verhelpen. Atlassian heeft de updates verwerkt in de eigen producten.", title: "Interpretaties", }, { category: "description", text: "Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, { category: "general", text: "Excessive Platform Resource Consumption within a Loop", title: "CWE-1050", }, { category: "general", text: "Relative Path Traversal", title: "CWE-23", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "general", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - certbundde", url: "https://confluence.atlassian.com/security/security-bulletin-november-19-2024-1456179091.html", }, ], title: "Kwetsbaarheden verholpen in Atlassian producten", tracking: { current_release_date: "2024-12-06T13:05:55.904619Z", id: "NCSC-2024-0466", initial_release_date: "2024-12-06T13:05:55.904619Z", revision_history: [ { date: "2024-12-06T13:05:55.904619Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "atlassian_bamboo__10.0.0", product: { name: "atlassian_bamboo__10.0.0", product_id: "CSAFPID-1645374", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bamboo__10.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bamboo__9.2.17", product: { name: "atlassian_bamboo__9.2.17", product_id: "CSAFPID-1621163", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bamboo__9.2.17:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bamboo__9.6.4", product: { name: "atlassian_bamboo__9.6.4", product_id: "CSAFPID-1645371", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bamboo__9.6.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bitbucket__8.19.9", product: { name: "atlassian_bitbucket__8.19.9", product_id: "CSAFPID-1645370", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bitbucket__8.19.9:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bitbucket__8.9.19", product: { name: "atlassian_bitbucket__8.9.19", product_id: "CSAFPID-1645373", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bitbucket__8.9.19:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bitbucket__9.0.0", product: { name: "atlassian_bitbucket__9.0.0", product_id: "CSAFPID-1645372", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bitbucket__9.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__7.19.26", product: { name: "atlassian_confluence__7.19.26", product_id: "CSAFPID-1621160", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__7.19.26:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__7.19.26__lts_", product: { name: "atlassian_confluence__7.19.26__lts_", product_id: "CSAFPID-1621135", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__7.19.26__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__8.5.12", product: { name: "atlassian_confluence__8.5.12", product_id: "CSAFPID-1645510", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__8.5.12:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__8.5.14__lts_", product: { name: "atlassian_confluence__8.5.14__lts_", product_id: "CSAFPID-1621133", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__8.5.14__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__8.9.4", product: { name: "atlassian_confluence__8.9.4", product_id: "CSAFPID-1645509", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__8.9.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__9.0.1", product: { name: "atlassian_confluence__9.0.1", product_id: "CSAFPID-1621161", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__9.0.1:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence_data_center__9.0.1", product: { name: "atlassian_confluence_data_center__9.0.1", product_id: "CSAFPID-1621140", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence_data_center__9.0.1:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software__9.12.12__lts_", product: { name: "atlassian_jira_software__9.12.12__lts_", product_id: "CSAFPID-1621142", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software__9.12.12__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software__9.4.25__lts_", product: { name: "atlassian_jira_software__9.4.25__lts_", product_id: "CSAFPID-1621143", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software__9.4.25__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software_data_center__9.17.1", product: { name: "atlassian_jira_software_data_center__9.17.1", product_id: "CSAFPID-1621141", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software_data_center__9.17.1:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software_service_management__5.12.12__lts_", product: { name: "atlassian_jira_software_service_management__5.12.12__lts_", product_id: "CSAFPID-1621138", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.12.12__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software_service_management__5.4.25__lts_", product: { name: "atlassian_jira_software_service_management__5.4.25__lts_", product_id: "CSAFPID-1621139", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.4.25__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software_service_management_data_center__5.17.1", product: { name: "atlassian_jira_software_service_management_data_center__5.17.1", product_id: "CSAFPID-1621137", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software_service_management_data_center__5.17.1:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bamboo", product: { name: "bamboo", product_id: "CSAFPID-716889", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bitbucket", product: { name: "bitbucket", product_id: "CSAFPID-1725084", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:bitbucket:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "confluence", product: { name: "confluence", product_id: "CSAFPID-551338", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "jira_software", product: { name: "jira_software", product_id: "CSAFPID-1725085", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:jira_software:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sourcetree", product: { name: "sourcetree", product_id: "CSAFPID-1724900", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sourcetree", product: { name: "sourcetree", product_id: "CSAFPID-1725556", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:macos:*:*", }, }, }, { category: "product_name", name: "sourcetree", product: { name: "sourcetree", product_id: "CSAFPID-1725557", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:windows:*:*", }, }, }, { category: "product_name", name: "sourcetree_for_mac", product: { name: "sourcetree_for_mac", product_id: "CSAFPID-1724286", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree_for_mac:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sourcetree_for_windows", product: { name: "sourcetree_for_windows", product_id: "CSAFPID-1724287", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree_for_windows:*:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "atlassian", }, ], }, vulnerabilities: [ { cve: "CVE-2022-38900", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-551338", ], }, references: [ { category: "self", summary: "CVE-2022-38900", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-38900.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-551338", ], }, ], title: "CVE-2022-38900", }, { cve: "CVE-2023-46234", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, notes: [ { category: "other", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, ], product_status: { known_affected: [ "CSAFPID-551338", ], }, references: [ { category: "self", summary: "CVE-2023-46234", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46234.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-551338", ], }, ], title: "CVE-2023-46234", }, { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-551338", "CSAFPID-1725085", "CSAFPID-716889", ], }, references: [ { category: "self", summary: "CVE-2023-52428", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-551338", "CSAFPID-1725085", "CSAFPID-716889", ], }, ], title: "CVE-2023-52428", }, { cve: "CVE-2024-4068", cwe: { id: "CWE-1050", name: "Excessive Platform Resource Consumption within a Loop", }, notes: [ { category: "other", text: "Excessive Platform Resource Consumption within a Loop", title: "CWE-1050", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-551338", ], }, references: [ { category: "self", summary: "CVE-2024-4068", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4068.json", }, ], title: "CVE-2024-4068", }, { cve: "CVE-2024-21697", product_status: { known_affected: [ "CSAFPID-1724286", "CSAFPID-1724287", "CSAFPID-1725556", "CSAFPID-1725557", ], }, references: [ { category: "self", summary: "CVE-2024-21697", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21697.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-1724286", "CSAFPID-1724287", "CSAFPID-1725556", "CSAFPID-1725557", ], }, ], title: "CVE-2024-21697", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1725084", "CSAFPID-551338", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1725084", "CSAFPID-551338", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-30172", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-1621160", "CSAFPID-1621161", "CSAFPID-1645509", "CSAFPID-1645510", "CSAFPID-551338", "CSAFPID-1725084", ], }, references: [ { category: "self", summary: "CVE-2024-30172", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30172.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1621160", "CSAFPID-1621161", "CSAFPID-1645509", "CSAFPID-1645510", "CSAFPID-551338", "CSAFPID-1725084", ], }, ], title: "CVE-2024-30172", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1621133", "CSAFPID-1621135", "CSAFPID-1621137", "CSAFPID-1621138", "CSAFPID-1621139", "CSAFPID-1621140", "CSAFPID-1621141", "CSAFPID-1621142", "CSAFPID-1621143", "CSAFPID-1621163", "CSAFPID-1645370", "CSAFPID-1645371", "CSAFPID-1645372", "CSAFPID-1645373", "CSAFPID-1645374", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1621133", "CSAFPID-1621135", "CSAFPID-1621137", "CSAFPID-1621138", "CSAFPID-1621139", "CSAFPID-1621140", "CSAFPID-1621141", "CSAFPID-1621142", "CSAFPID-1621143", "CSAFPID-1621163", "CSAFPID-1645370", "CSAFPID-1645371", "CSAFPID-1645372", "CSAFPID-1645373", "CSAFPID-1645374", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], references: [ { category: "self", summary: "CVE-2024-38286", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38286.json", }, ], title: "CVE-2024-38286", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Relative Path Traversal", title: "CWE-23", }, ], product_status: { known_affected: [ "CSAFPID-551338", "CSAFPID-716889", ], }, references: [ { category: "self", summary: "CVE-2024-38816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-551338", "CSAFPID-716889", ], }, ], title: "CVE-2024-38816", }, { cve: "CVE-2024-45801", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1725085", ], }, references: [ { category: "self", summary: "CVE-2024-45801", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45801.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1725085", ], }, ], title: "CVE-2024-45801", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-716889", ], }, references: [ { category: "self", summary: "CVE-2024-47561", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-716889", ], }, ], title: "CVE-2024-47561", }, ], }
NCSC-2024-0414
Vulnerability from csaf_ncscnl
Notes
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in diverse Communications producten en systemen.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van gegevens\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Uitvoer van willekeurige code (Administratorrechten)\n- Toegang tot gevoelige gegevens", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "general", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Signal Handler Race Condition", title: "CWE-364", }, { category: "general", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "general", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, { category: "general", text: "Buffer Over-read", title: "CWE-126", }, { category: "general", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "general", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, { category: "general", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "general", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, { category: "general", text: "Uncontrolled Search Path Element", title: "CWE-427", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Signed to Unsigned Conversion Error", title: "CWE-195", }, { category: "general", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "general", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, { category: "general", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Incomplete Cleanup", title: "CWE-459", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Uncaught Exception", title: "CWE-248", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Communications", tracking: { current_release_date: "2024-10-17T13:17:52.103171Z", id: "NCSC-2024-0414", initial_release_date: "2024-10-17T13:17:52.103171Z", revision_history: [ { date: "2024-10-17T13:17:52.103171Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635313", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635311", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635312", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670430", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635320", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:17.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670439", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670429", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670435", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670431", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670436", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670432", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635321", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635310", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635318", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674640", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674642", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670434", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674639", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635314", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674638", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674637", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635319", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670438", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635315", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670433", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674641", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670437", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635308", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications__10.4.0.4", product: { name: "communications__10.4.0.4", product_id: "CSAFPID-1674629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications__10.4.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.2", product: { name: "communications___23.4.2", product_id: "CSAFPID-1670442", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.3", product: { name: "communications___23.4.3", product_id: "CSAFPID-1635325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.4", product: { name: "communications___23.4.4", product_id: "CSAFPID-1635326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.5", product: { name: "communications___23.4.5", product_id: "CSAFPID-1674645", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.6", product: { name: "communications___23.4.6", product_id: "CSAFPID-1674646", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___24.2.0", product: { name: "communications___24.2.0", product_id: "CSAFPID-1674644", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___24.2.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___7.2.1.0.0", product: { name: "communications___7.2.1.0.0", product_id: "CSAFPID-1670441", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___7.2.1.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.6", product: { name: "communications___8.6.0.6", product_id: "CSAFPID-1635327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.8", product: { name: "communications___8.6.0.8", product_id: "CSAFPID-1635328", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.8:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.2", product: { name: "communications___9.0.2", product_id: "CSAFPID-1670440", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.3", product: { name: "communications___9.0.3", product_id: "CSAFPID-1635329", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.1.1.8.0", product: { name: "communications___9.1.1.8.0", product_id: "CSAFPID-1674643", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.1.1.8.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674621", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674618", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674619", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674617", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674623", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674620", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___12.0.6.0.0", product: { name: "communications_applications___12.0.6.0.0", product_id: "CSAFPID-1674627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___12.0.6.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___5.5.22", product: { name: "communications_applications___5.5.22", product_id: "CSAFPID-1674626", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___5.5.22:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.3", product: { name: "communications_applications___6.0.3", product_id: "CSAFPID-1674628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.4", product: { name: "communications_applications___6.0.4", product_id: "CSAFPID-1674624", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.5", product: { name: "communications_applications___6.0.5", product_id: "CSAFPID-1674625", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-204629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-1673475", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4.3.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-816792", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-764735", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-1650734", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4.0-12.0.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-204639", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-204627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-816793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-912557", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management__-_elastic_charging_engine", product: { name: "communications_billing_and_revenue_management__-_elastic_charging_engine", product_id: "CSAFPID-219835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management__-_elastic_charging_engine:12.0.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-764247", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3.0.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209549", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-41194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-1650820", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-765241", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-498607", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12:0.0.5.0:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-912556", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_calendar_server", product: { name: "communications_calendar_server", product_id: "CSAFPID-764736", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_calendar_server:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_calendar_server", product: { name: "communications_calendar_server", product_id: "CSAFPID-220190", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_configuration_console", product: { name: "communications_cloud_native_configuration_console", product_id: "CSAFPID-391501", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_configuration_console", product: { name: "communications_cloud_native_configuration_console", product_id: "CSAFPID-440102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-89545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-180215", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-180197", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-41516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-41515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220057", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220055", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816766", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1503577", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673416", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673412", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673411", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-764237", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-2045", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-40612", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-608629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-93784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1899", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-41111", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1685", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-493445", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-294401", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-220547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-764824", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-220459", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45184", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45181", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611405", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611403", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611404", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1650752", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1673396", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-912066", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1503323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673526", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-165550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-93546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-180195", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-40299", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-187447", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-45186", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-45185", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-220559", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-220558", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-764238", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-764239", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816768", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816769", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-912085", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1503578", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673389", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673390", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673421", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673420", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-764825", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:22.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816770", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816771", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-912068", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-1503579", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-180201", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-1900", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-760687", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-40947", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-93635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-503534", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-90018", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-220327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-94290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-220325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-614513", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-643776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-816772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-912076", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-1503580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40613", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-2044", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40301", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-180194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-449747", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40298", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-223527", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-449746", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-503493", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-260394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-219838", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-611387", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-618156", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-816773", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912101", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1673473", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0-24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1503581", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912539", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912540", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912541", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912542", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912543", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-40611", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-40609", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-180198", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-41112", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-41110", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-760688", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-493444", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-93633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220056", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-223511", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-216017", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220889", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220918", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614514", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816346", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912077", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1503322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673415", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912544", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-40608", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-180199", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-41113", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-260395", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-260393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816348", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-912545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816347", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-1673494", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-1673501", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-764240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-220468", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-2310", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-93547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-180200", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-180193", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1898", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-93636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-90020", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-90015", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-220133", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1650751", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673395", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-912069", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-765371", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:all_supported_s:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-180216", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-180202", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-40300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-93653", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-40949", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-642000", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-93634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220561", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-90021", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-94292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-218028", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220881", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-94291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220910", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-611401", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-816778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-614517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673392", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1503582", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-40610", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-611587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-642002", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-493443", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-642001", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-224796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-224795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912549", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503583", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503584", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503585", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1672767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-180217", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-180196", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-165576", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-40297", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764899", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-589926", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-179780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-40948", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-589925", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-179779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-90019", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-90016", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-220326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764241", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912078", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816349", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1673399", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-764737", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-224787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-220189", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-764827", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:7.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-764828", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server_-_service_controller", product: { name: "communications_converged_application_server_-_service_controller", product_id: "CSAFPID-764734", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server_-_service_controller", product: { name: "communications_converged_application_server_-_service_controller", product_id: "CSAFPID-426842", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503599", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-345031", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-204635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-764833", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-224793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-816794", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-342793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1650777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1265", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-764248", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-816350", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1261", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-110244", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-110242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-93777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.45:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-1672764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-93772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:9.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_data_model", product: { name: "communications_data_model", product_id: "CSAFPID-764902", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_data_model:12.2.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-765372", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-342799", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704412", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704411", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-165544", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704410", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-41183", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_intelligence_hub", product: { name: "communications_diameter_intelligence_hub", product_id: "CSAFPID-342802", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_intelligence_hub", product: { name: "communications_diameter_intelligence_hub", product_id: "CSAFPID-764829", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1503588", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1892", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1891", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1888", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1887", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1889", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1884", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1885", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1882", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1881", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1883", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1879", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1880", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-40293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1650826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1650830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-611413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912551", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912552", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_application_processor", product: { name: "communications_eagle_application_processor", product_id: "CSAFPID-1673417", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_application_processor:17.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_application_processor", product: { name: "communications_eagle_application_processor", product_id: "CSAFPID-765369", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_application_processor:all_supported_s:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-204528", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_ftp_table_base_retrieval", product: { name: "communications_eagle_ftp_table_base_retrieval", product_id: "CSAFPID-204623", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_lnp_application_processor", product: { name: "communications_eagle_lnp_application_processor", product_id: "CSAFPID-352633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_lnp_application_processor", product: { name: "communications_eagle_lnp_application_processor", product_id: "CSAFPID-352632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_software", product: { name: "communications_eagle_software", product_id: "CSAFPID-765366", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_software:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_software", product: { name: "communications_eagle_software", product_id: "CSAFPID-765365", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_software:46.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_elastic_charging_engine", product: { name: "communications_elastic_charging_engine", product_id: "CSAFPID-764834", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_elastic_charging_engine:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-764242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204597", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-9226", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-9070", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-8845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204624", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-2286", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204464", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-345038", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-93629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-611422", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-93630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-816780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_evolved_communications_application_server", product: { name: "communications_evolved_communications_application_server", product_id: "CSAFPID-204645", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-912553", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-207586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-234306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-219803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-387664", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_interactive_session_recorder", product: { name: "communications_interactive_session_recorder", product_id: "CSAFPID-1893", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-204622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-219909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_lsms", product: { name: "communications_lsms", product_id: "CSAFPID-1673065", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_lsms:14.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-764835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.20.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-375182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.21.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-816351", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-41182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_metasolv_solution", product: { name: "communications_metasolv_solution", product_id: "CSAFPID-611595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_metasolv_solution", product: { name: "communications_metasolv_solution", product_id: "CSAFPID-226017", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-220167", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816353", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-764243", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816352", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1673414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816783", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816786", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816785", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816788", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-342803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1650778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1266", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-764249", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-816354", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-204563", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-220125", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-245244", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-219776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-204554", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-765242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-9489", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-110249", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-93781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-220132", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-912079", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-224791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-219898", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-224790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-221118", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-179774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-1673496", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence", product: { name: "communications_performance_intelligence", product_id: "CSAFPID-1503591", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center", product: { name: "communications_performance_intelligence_center", product_id: "CSAFPID-1673485", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center:prior_to_10.4.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-765367", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-765368", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-764830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-573035", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-45192", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-611406", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816789", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-764738", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-204595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-204590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-816355", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503601", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816359", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816358", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816357", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-912558", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503602", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816797", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_services_gatekeeper", product: { name: "communications_services_gatekeeper", product_id: "CSAFPID-608630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503592", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503593", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1672762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503594", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-342804", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-704413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2296", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-166028", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2288", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2282", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2285", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2279", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-204634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-345039", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-93628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-611423", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-93631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-816791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-342805", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-704414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-166027", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2295", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2289", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2287", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2283", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2284", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2280", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2281", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-220414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-204607", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_router", product: { name: "communications_session_router", product_id: "CSAFPID-764780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_router:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_router", product: { name: "communications_session_router", product_id: "CSAFPID-764781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_router:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_subscriber-aware_load_balancer", product: { name: "communications_subscriber-aware_load_balancer", product_id: "CSAFPID-93775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_subscriber-aware_load_balancer", product: { name: "communications_subscriber-aware_load_balancer", product_id: "CSAFPID-93774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-240600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673382", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78763", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673070", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673381", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1650731", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673530", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-764901", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78761", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-614089", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673068", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-764739", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204614", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-8984", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204510", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204569", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-219826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-912073", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_session_manager", product: { name: "communications_unified_session_manager", product_id: "CSAFPID-110243", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_session_manager", product: { name: "communications_unified_session_manager", product_id: "CSAFPID-205759", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503596", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503597", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503598", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-764900", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-76994", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-568240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-764782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-355340", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-912080", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1673481", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-912554", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-611408", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-703515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-611407", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-204456", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2021-37137", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-41182", "CSAFPID-209546", "CSAFPID-40608", "CSAFPID-180216", "CSAFPID-93547", "CSAFPID-180217", "CSAFPID-2310", "CSAFPID-40612", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-1899", "CSAFPID-41111", "CSAFPID-40299", "CSAFPID-187447", "CSAFPID-1900", "CSAFPID-40301", "CSAFPID-180194", "CSAFPID-40298", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-40300", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-40294", "CSAFPID-110243", "CSAFPID-204629", "CSAFPID-765241", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-41183", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-1893", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-204456", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-204645", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180196", "CSAFPID-180201", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-764739", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204635", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673381", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2021-37137", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37137.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-41182", "CSAFPID-209546", "CSAFPID-40608", "CSAFPID-180216", "CSAFPID-93547", "CSAFPID-180217", "CSAFPID-2310", "CSAFPID-40612", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-1899", "CSAFPID-41111", "CSAFPID-40299", "CSAFPID-187447", "CSAFPID-1900", "CSAFPID-40301", "CSAFPID-180194", "CSAFPID-40298", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-40300", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-40294", "CSAFPID-110243", "CSAFPID-204629", "CSAFPID-765241", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-41183", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-1893", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-204456", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-204645", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180196", "CSAFPID-180201", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-764739", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204635", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673381", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2021-37137", }, { cve: "CVE-2022-2068", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, ], product_status: { known_affected: [ "CSAFPID-40949", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-764735", "CSAFPID-204635", "CSAFPID-41183", "CSAFPID-234306", "CSAFPID-41182", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-764738", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-220547", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-93636", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-2068", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2068.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-40949", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-764735", "CSAFPID-204635", "CSAFPID-41183", "CSAFPID-234306", "CSAFPID-41182", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-764738", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-220547", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-93636", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-2068", }, { cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-2601", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2601.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-204629", "CSAFPID-704410", "CSAFPID-704411", "CSAFPID-704412", "CSAFPID-226017", "CSAFPID-179774", "CSAFPID-219898", "CSAFPID-219826", "CSAFPID-204569", "CSAFPID-204510", "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-220548", "CSAFPID-608629", "CSAFPID-93784", "CSAFPID-41111", "CSAFPID-1685", "CSAFPID-493445", "CSAFPID-294401", "CSAFPID-220547", "CSAFPID-764824", "CSAFPID-220459", "CSAFPID-764825", "CSAFPID-93635", "CSAFPID-503534", "CSAFPID-503493", "CSAFPID-493444", "CSAFPID-93633", "CSAFPID-260395", "CSAFPID-260393", "CSAFPID-220468", "CSAFPID-93636", "CSAFPID-93634", "CSAFPID-589926", "CSAFPID-179780", "CSAFPID-589925", "CSAFPID-179779", "CSAFPID-764826", "CSAFPID-764827", "CSAFPID-764828", "CSAFPID-764829", "CSAFPID-764830", "CSAFPID-220190", "CSAFPID-220189", "CSAFPID-764833", "CSAFPID-41183", "CSAFPID-764834", "CSAFPID-234306", "CSAFPID-764835", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-40949", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-204635", "CSAFPID-41182", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-1899", "CSAFPID-40299", "CSAFPID-1900", "CSAFPID-180194", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-110243", "CSAFPID-765241", "CSAFPID-209546", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180217", "CSAFPID-180196", "CSAFPID-40612", "CSAFPID-180201", "CSAFPID-180216", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-40608", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-2310", "CSAFPID-93547", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673065", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-23437", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-23437.json", }, ], title: "CVE-2022-23437", }, { cve: "CVE-2022-36760", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, ], product_status: { known_affected: [ "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-704412", "CSAFPID-704411", "CSAFPID-704410", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-36760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36760.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-704412", "CSAFPID-704411", "CSAFPID-704410", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-36760", }, { cve: "CVE-2023-2953", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-2953", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2953.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-2953", }, { cve: "CVE-2023-3635", cwe: { id: "CWE-195", name: "Signed to Unsigned Conversion Error", }, notes: [ { category: "other", text: "Signed to Unsigned Conversion Error", title: "CWE-195", }, { category: "other", text: "Uncaught Exception", title: "CWE-248", }, ], product_status: { known_affected: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-204622", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-219909", "CSAFPID-220558", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611401", "CSAFPID-611406", "CSAFPID-611407", "CSAFPID-611408", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-614513", "CSAFPID-614514", "CSAFPID-614515", "CSAFPID-614516", "CSAFPID-614517", "CSAFPID-618156", "CSAFPID-643776", "CSAFPID-764237", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-764240", "CSAFPID-764241", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-764249", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", ], }, references: [ { category: "self", summary: "CVE-2023-3635", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3635.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-204622", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-219909", "CSAFPID-220558", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611401", "CSAFPID-611406", "CSAFPID-611407", "CSAFPID-611408", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-614513", "CSAFPID-614514", "CSAFPID-614515", "CSAFPID-614516", "CSAFPID-614517", "CSAFPID-618156", "CSAFPID-643776", "CSAFPID-764237", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-764240", "CSAFPID-764241", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-764249", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", ], }, ], title: "CVE-2023-3635", }, { cve: "CVE-2023-4043", cwe: { id: "CWE-834", name: "Excessive Iteration", }, notes: [ { category: "other", text: "Excessive Iteration", title: "CWE-834", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816352", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-342804", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-224793", "CSAFPID-816794", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342803", "CSAFPID-611595", "CSAFPID-764738", "CSAFPID-816351", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-912073", "CSAFPID-912558", ], }, references: [ { category: "self", summary: "CVE-2023-4043", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4043.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816352", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-342804", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-224793", "CSAFPID-816794", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342803", "CSAFPID-611595", "CSAFPID-764738", "CSAFPID-816351", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-912073", "CSAFPID-912558", ], }, ], title: "CVE-2023-4043", }, { cve: "CVE-2023-5685", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2023-5685", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5685.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2023-5685", }, { cve: "CVE-2023-6597", cwe: { id: "CWE-61", name: "UNIX Symbolic Link (Symlink) Following", }, notes: [ { category: "other", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2023-6597", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6597.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2023-6597", }, { cve: "CVE-2023-6816", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-6816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6816.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-6816", }, { cve: "CVE-2023-38408", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, notes: [ { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-45182", "CSAFPID-40293", "CSAFPID-611406", "CSAFPID-764237", "CSAFPID-220558", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-614513", "CSAFPID-643776", "CSAFPID-611387", "CSAFPID-618156", "CSAFPID-614516", "CSAFPID-614515", "CSAFPID-614514", "CSAFPID-764240", "CSAFPID-94291", "CSAFPID-611401", "CSAFPID-614517", "CSAFPID-764241", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-342804", "CSAFPID-611408", "CSAFPID-611407", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-611595", "CSAFPID-764249", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-38408", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38408.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-45182", "CSAFPID-40293", "CSAFPID-611406", "CSAFPID-764237", "CSAFPID-220558", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-614513", "CSAFPID-643776", "CSAFPID-611387", "CSAFPID-618156", "CSAFPID-614516", "CSAFPID-614515", "CSAFPID-614514", "CSAFPID-764240", "CSAFPID-94291", "CSAFPID-611401", "CSAFPID-614517", "CSAFPID-764241", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-342804", "CSAFPID-611408", "CSAFPID-611407", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-611595", "CSAFPID-764249", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-38408", }, { cve: "CVE-2023-43642", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673395", "CSAFPID-94291", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", ], }, references: [ { category: "self", summary: "CVE-2023-43642", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-43642.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673395", "CSAFPID-94291", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", ], }, ], title: "CVE-2023-43642", }, { cve: "CVE-2023-46136", cwe: { id: "CWE-407", name: "Inefficient Algorithmic Complexity", }, notes: [ { category: "other", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673411", "CSAFPID-912549", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-220132", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-46136", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46136.json", }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673411", "CSAFPID-912549", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-220132", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-46136", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816352", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-219803", "CSAFPID-816351", "CSAFPID-611595", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673417", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-90016", "CSAFPID-764826", "CSAFPID-345038", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-93781", "CSAFPID-345039", "CSAFPID-912080", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-611413", "CSAFPID-240600", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816352", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-219803", "CSAFPID-816351", "CSAFPID-611595", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673417", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-90016", "CSAFPID-764826", "CSAFPID-345038", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-93781", "CSAFPID-345039", "CSAFPID-912080", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-611413", "CSAFPID-240600", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2023-51775", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2023-51775", }, { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912102", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2023-52428", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912102", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2023-52428", }, { cve: "CVE-2024-0450", cwe: { id: "CWE-450", name: "Multiple Interpretations of UI Input", }, notes: [ { category: "other", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "other", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-0450", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json", }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-0450", }, { cve: "CVE-2024-2398", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], product_status: { known_affected: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-2398", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2398.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-2398", }, { cve: "CVE-2024-4577", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], product_status: { known_affected: [ "CSAFPID-1650731", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-4577", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4577.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650731", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-4577", }, { cve: "CVE-2024-4603", cwe: { id: "CWE-606", name: "Unchecked Input for Loop Condition", }, notes: [ { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, ], product_status: { known_affected: [ "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-4603", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4603.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-4603", }, { cve: "CVE-2024-5585", cwe: { id: "CWE-116", name: "Improper Encoding or Escaping of Output", }, notes: [ { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, ], product_status: { known_affected: [ "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2024-5585", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5585.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2024-5585", }, { cve: "CVE-2024-5971", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, notes: [ { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673526", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-5971", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5971.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673526", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-5971", }, { cve: "CVE-2024-6162", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-6162", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-6162", }, { cve: "CVE-2024-6387", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "other", text: "Signal Handler Race Condition", title: "CWE-364", }, ], product_status: { known_affected: [ "CSAFPID-1503595", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-6387", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6387.json", }, ], title: "CVE-2024-6387", }, { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-7254", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json", }, ], title: "CVE-2024-7254", }, { cve: "CVE-2024-7264", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2024-7264", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7264.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2024-7264", }, { cve: "CVE-2024-22020", product_status: { known_affected: [ "CSAFPID-912101", "CSAFPID-1673473", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-22020", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22020.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-912101", "CSAFPID-1673473", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-22020", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673475", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-224795", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-22201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673475", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-224795", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-22201", }, { cve: "CVE-2024-22257", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-22257", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-22257", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650820", "CSAFPID-1650751", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650820", "CSAFPID-1650751", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-23672", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "other", text: "Incomplete Cleanup", title: "CWE-459", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-23672", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-23672", }, { cve: "CVE-2024-23807", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650734", "CSAFPID-1650830", "CSAFPID-1650777", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-1650778", "CSAFPID-41182", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-23807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650734", "CSAFPID-1650830", "CSAFPID-1650777", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-1650778", "CSAFPID-41182", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-23807", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1650752", "CSAFPID-1673481", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1650752", "CSAFPID-1673481", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-25638", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "other", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-25638", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25638.json", }, ], scores: [ { cvss_v3: { baseScore: 8.9, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-25638", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-28182", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1673485", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673389", "CSAFPID-1672767", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673415", "CSAFPID-1673390", "CSAFPID-1673413", "CSAFPID-1673395", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-28182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1673485", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673389", "CSAFPID-1672767", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673415", "CSAFPID-1673390", "CSAFPID-1673413", "CSAFPID-1673395", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-28182", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-28849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-28849", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29133", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29133", }, { cve: "CVE-2024-29736", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-29736", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29736.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-29736", }, { cve: "CVE-2024-29857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1673413", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29857", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673413", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29857", }, { cve: "CVE-2024-30251", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-30251", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30251.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-30251", }, { cve: "CVE-2024-31080", cwe: { id: "CWE-126", name: "Buffer Over-read", }, notes: [ { category: "other", text: "Buffer Over-read", title: "CWE-126", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-31080", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31080.json", }, ], title: "CVE-2024-31080", }, { cve: "CVE-2024-31744", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-31744", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31744.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-31744", }, { cve: "CVE-2024-32760", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-32760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32760.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-32760", }, { cve: "CVE-2024-33602", cwe: { id: "CWE-466", name: "Return of Pointer Value Outside of Expected Range", }, notes: [ { category: "other", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "other", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-33602", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-33602", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-37891", cwe: { id: "CWE-669", name: "Incorrect Resource Transfer Between Spheres", }, notes: [ { category: "other", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-37891", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-37891", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-38816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-38816", }, { cve: "CVE-2024-39689", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673393", ], }, references: [ { category: "self", summary: "CVE-2024-39689", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39689.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673393", ], }, ], title: "CVE-2024-39689", }, { cve: "CVE-2024-40898", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-1673516", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-40898", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673516", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-40898", }, { cve: "CVE-2024-41817", cwe: { id: "CWE-427", name: "Uncontrolled Search Path Element", }, notes: [ { category: "other", text: "Uncontrolled Search Path Element", title: "CWE-427", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1674625", ], }, references: [ { category: "self", summary: "CVE-2024-41817", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41817.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1674625", ], }, ], title: "CVE-2024-41817", }, { cve: "CVE-2024-43044", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673494", "CSAFPID-1673393", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-43044", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43044.json", }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673494", "CSAFPID-1673393", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-43044", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-45492", }, ], }
ncsc-2025-0027
Vulnerability from csaf_ncscnl
Notes
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft meerdere kwetsbaarheden verholpen in zijn producten, waaronder Oracle Fusion Middleware, Oracle WebLogic Server, en Oracle HTTP Server.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden bevinden zich in verschillende Oracle producten, waaronder Oracle WebLogic Server versies 12.2.1.4.0 en 14.1.1.0.0, die het mogelijk maken voor ongeauthenticeerde kwaadwillenden om toegang te krijgen tot kritieke gegevens. Dit kan leiden tot ernstige gevolgen voor de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen. De kwetsbaarheid in Oracle HTTP Server versie 12.2.1.4.0 stelt kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, met een CVSS-score van 5.3, terwijl de kwetsbaarheid in WebLogic Server een CVSS-score van 9.8 heeft, wat wijst op een kritieke impact. Kwaadwillenden kunnen ook gebruik maken van kwetsbaarheden in Oracle Fusion Middleware en andere producten om Denial-of-Service (DoS) aanvallen uit te voeren.", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", title: "CWE-338", }, { category: "general", text: "Path Traversal: '.../...//'", title: "CWE-35", }, { category: "general", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Incorrect Permission Assignment for Critical Resource", title: "CWE-732", }, { category: "general", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, { category: "general", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujan2025.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Fusion Middleware", tracking: { current_release_date: "2025-01-22T13:36:27.908718Z", id: "NCSC-2025-0027", initial_release_date: "2025-01-22T13:36:27.908718Z", revision_history: [ { date: "2025-01-22T13:36:27.908718Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "http_server", product: { name: "http_server", product_id: "CSAFPID-93909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "http_server", product: { name: "http_server", product_id: "CSAFPID-40303", product_identification_helper: { cpe: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "http_server", product: { name: "http_server", product_id: "CSAFPID-912074", product_identification_helper: { cpe: "cpe:2.3:a:oracle:http_server:14.1.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware_mapviewer", product: { name: "fusion_middleware_mapviewer", product_id: "CSAFPID-226018", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-1646487", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-332789", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:11.1.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-1747074", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.19.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-342815", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-271904", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-503474", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:14.1.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-1674670", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:8.5.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "weblogic_server", product: { name: "weblogic_server", product_id: "CSAFPID-3661", product_identification_helper: { cpe: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "weblogic_server", product: { name: "weblogic_server", product_id: "CSAFPID-3660", product_identification_helper: { cpe: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "weblogic_server", product: { name: "weblogic_server", product_id: "CSAFPID-1973", product_identification_helper: { cpe: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "weblogic_server", product: { name: "weblogic_server", product_id: "CSAFPID-1751293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "security_service", product: { name: "security_service", product_id: "CSAFPID-199820", product_identification_helper: { cpe: "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_activity_monitoring", product: { name: "business_activity_monitoring", product_id: "CSAFPID-228157", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_activity_monitoring__bam_", product: { name: "business_activity_monitoring__bam_", product_id: "CSAFPID-764927", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_activity_monitoring__bam_:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_activity_monitoring__bam_", product: { name: "business_activity_monitoring__bam_", product_id: "CSAFPID-764928", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_activity_monitoring__bam_:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "identity_manager", product: { name: "identity_manager", product_id: "CSAFPID-220164", product_identification_helper: { cpe: "cpe:2.3:a:oracle:identity_manager:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "managed_file_transfer", product: { name: "managed_file_transfer", product_id: "CSAFPID-204581", product_identification_helper: { cpe: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "middleware_common_libraries_and_tools", product: { name: "middleware_common_libraries_and_tools", product_id: "CSAFPID-94398", product_identification_helper: { cpe: "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "middleware_common_libraries_and_tools", product: { name: "middleware_common_libraries_and_tools", product_id: "CSAFPID-94309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "middleware_common_libraries_and_tools", product: { name: "middleware_common_libraries_and_tools", product_id: "CSAFPID-94393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_process_management_suite", product: { name: "business_process_management_suite", product_id: "CSAFPID-9043", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_process_management_suite", product: { name: "business_process_management_suite", product_id: "CSAFPID-9642", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "outside_in_technology", product: { name: "outside_in_technology", product_id: "CSAFPID-1260", product_identification_helper: { cpe: "cpe:2.3:a:oracle:outside_in_technology:8.5.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "outside_in_technology", product: { name: "outside_in_technology", product_id: "CSAFPID-912053", product_identification_helper: { cpe: "cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "webcenter_portal", product: { name: "webcenter_portal", product_id: "CSAFPID-135359", product_identification_helper: { cpe: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "webcenter_portal", product: { name: "webcenter_portal", product_id: "CSAFPID-45194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2019-12415", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, notes: [ { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], product_status: { known_affected: [ "CSAFPID-45194", "CSAFPID-135359", "CSAFPID-1646487", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-204581", "CSAFPID-94309", "CSAFPID-1260", "CSAFPID-3661", "CSAFPID-3660", "CSAFPID-1973", "CSAFPID-94393", "CSAFPID-226018", "CSAFPID-764927", "CSAFPID-764928", "CSAFPID-9043", "CSAFPID-93909", "CSAFPID-94398", ], }, references: [ { category: "self", summary: "CVE-2019-12415", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-12415.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-45194", "CSAFPID-135359", "CSAFPID-1646487", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-204581", "CSAFPID-94309", "CSAFPID-1260", "CSAFPID-3661", "CSAFPID-3660", "CSAFPID-1973", "CSAFPID-94393", "CSAFPID-226018", "CSAFPID-764927", "CSAFPID-764928", "CSAFPID-9043", "CSAFPID-93909", "CSAFPID-94398", ], }, ], title: "CVE-2019-12415", }, { cve: "CVE-2023-7272", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2023-7272", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7272.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2023-7272", }, { cve: "CVE-2023-38709", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, notes: [ { category: "other", text: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", title: "CWE-113", }, { category: "other", text: "Improper Validation of Specified Quantity in Input", title: "CWE-1284", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2023-38709", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38709.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2023-38709", }, { cve: "CVE-2023-39410", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-39410", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39410.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-271904", ], }, ], title: "CVE-2023-39410", }, { cve: "CVE-2023-44483", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, notes: [ { category: "other", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, ], product_status: { known_affected: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-271904", "CSAFPID-94393", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", ], }, references: [ { category: "self", summary: "CVE-2023-44483", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44483.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-271904", "CSAFPID-94393", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", ], }, ], title: "CVE-2023-44483", }, { cve: "CVE-2023-49582", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, notes: [ { category: "other", text: "Incorrect Permission Assignment for Critical Resource", title: "CWE-732", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2023-49582", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49582.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2023-49582", }, { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-94393", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-51775", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-94393", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", "CSAFPID-271904", ], }, ], title: "CVE-2023-51775", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-6119", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "other", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-6119", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6119.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-6119", }, { cve: "CVE-2024-8096", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-8096", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8096.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-8096", }, { cve: "CVE-2024-23635", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-94393", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-23635", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23635.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-94393", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", "CSAFPID-271904", ], }, ], title: "CVE-2024-23635", }, { cve: "CVE-2024-29857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", "CSAFPID-1747074", "CSAFPID-1674670", "CSAFPID-503474", ], }, references: [ { category: "self", summary: "CVE-2024-29857", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", "CSAFPID-1747074", "CSAFPID-1674670", "CSAFPID-503474", ], }, ], title: "CVE-2024-29857", }, { cve: "CVE-2024-30171", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, notes: [ { category: "other", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "other", text: "Observable Discrepancy", title: "CWE-203", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2024-30171", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30171.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2024-30171", }, { cve: "CVE-2024-30172", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2024-30172", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30172.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2024-30172", }, { cve: "CVE-2024-34447", cwe: { id: "CWE-706", name: "Use of Incorrectly-Resolved Name or Reference", }, notes: [ { category: "other", text: "Use of Incorrectly-Resolved Name or Reference", title: "CWE-706", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2024-34447", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34447.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2024-34447", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-204581", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-204581", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-37370", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-199820", ], }, references: [ { category: "self", summary: "CVE-2024-37370", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-199820", ], }, ], title: "CVE-2024-37370", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-199820", ], }, references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-199820", ], }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-38473", cwe: { id: "CWE-172", name: "Encoding Error", }, notes: [ { category: "other", text: "Encoding Error", title: "CWE-172", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-38473", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38473.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-38473", }, { cve: "CVE-2024-38475", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "other", text: "Path Traversal: '.../...//'", title: "CWE-35", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "other", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "other", text: "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", title: "CWE-338", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-38475", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38475.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-38475", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Relative Path Traversal", title: "CWE-23", }, ], product_status: { known_affected: [ "CSAFPID-94309", "CSAFPID-220164", ], }, references: [ { category: "self", summary: "CVE-2024-38816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-94309", "CSAFPID-220164", ], }, ], title: "CVE-2024-38816", }, { cve: "CVE-2024-38819", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-94309", "CSAFPID-220164", ], }, references: [ { category: "self", summary: "CVE-2024-38819", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-94309", "CSAFPID-220164", ], }, ], title: "CVE-2024-38819", }, { cve: "CVE-2024-38998", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-9642", "CSAFPID-226018", "CSAFPID-45194", ], }, references: [ { category: "self", summary: "CVE-2024-38998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-9642", "CSAFPID-226018", "CSAFPID-45194", ], }, ], title: "CVE-2024-38998", }, { cve: "CVE-2024-38999", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-9642", "CSAFPID-228157", "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-271904", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-226018", "CSAFPID-45194", ], }, references: [ { category: "self", summary: "CVE-2024-38999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-9642", "CSAFPID-228157", "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-271904", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-226018", "CSAFPID-45194", ], }, ], title: "CVE-2024-38999", }, { cve: "CVE-2024-40898", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-40898", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-40898", }, { cve: "CVE-2024-45490", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], product_status: { known_affected: [ "CSAFPID-912053", "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-45490", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-912053", "CSAFPID-40303", ], }, ], title: "CVE-2024-45490", }, { cve: "CVE-2024-45491", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-912053", "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-45491", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-912053", "CSAFPID-40303", ], }, ], title: "CVE-2024-45491", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-912053", "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-271904", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-912053", "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-271904", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-40303", ], }, ], title: "CVE-2024-45492", }, { cve: "CVE-2024-47072", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-228157", ], }, references: [ { category: "self", summary: "CVE-2024-47072", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47072.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-228157", ], }, ], title: "CVE-2024-47072", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1751293", "CSAFPID-45194", "CSAFPID-1973", "CSAFPID-3660", ], }, references: [ { category: "self", summary: "CVE-2024-47554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751293", "CSAFPID-45194", "CSAFPID-1973", "CSAFPID-3660", ], }, ], title: "CVE-2024-47554", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-9642", ], }, references: [ { category: "self", summary: "CVE-2024-47561", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-9642", ], }, ], title: "CVE-2024-47561", }, { cve: "CVE-2025-21498", product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2025-21498", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21498.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2025-21498", }, { cve: "CVE-2025-21535", product_status: { known_affected: [ "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2025-21535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2025-21535", }, { cve: "CVE-2025-21549", product_status: { known_affected: [ "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2025-21549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1973", ], }, ], title: "CVE-2025-21549", }, ], }
ncsc-2024-0411
Vulnerability from csaf_ncscnl
Notes
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in diverse Database producten en subsystemen, zoals de Core database, Application Express, Autonomous Health Framework, Essbase, GoldenGate, SQL Developer en Secure Backup.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Toegang tot gevoelige gegevens", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "general", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, { category: "general", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, { category: "general", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, { category: "general", text: "Incorrect Permission Assignment for Critical Resource", title: "CWE-732", }, { category: "general", text: "Double Free", title: "CWE-415", }, { category: "general", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, { category: "general", text: "Uncontrolled Search Path Element", title: "CWE-427", }, { category: "general", text: "Encoding Error", title: "CWE-172", }, { category: "general", text: "Integer Overflow to Buffer Overflow", title: "CWE-680", }, { category: "general", text: "Untrusted Search Path", title: "CWE-426", }, { category: "general", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, { category: "general", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Observable Discrepancy", title: "CWE-203", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "CWE-275", title: "CWE-275", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "general", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "Exposure of Resource to Wrong Sphere", title: "CWE-668", }, { category: "general", text: "Inclusion of Functionality from Untrusted Control Sphere", title: "CWE-829", }, { category: "general", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Incorrect Conversion between Numeric Types", title: "CWE-681", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Neutralization of Alternate XSS Syntax", title: "CWE-87", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, { category: "general", text: "CWE-18", title: "CWE-18", }, { category: "general", text: "Covert Timing Channel", title: "CWE-385", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Integer Coercion Error", title: "CWE-192", }, { category: "general", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "general", text: "Improperly Controlled Sequential Memory Allocation", title: "CWE-1325", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "general", text: "Improper Link Resolution Before File Access ('Link Following')", title: "CWE-59", }, { category: "general", text: "Missing Critical Step in Authentication", title: "CWE-304", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Database producten", tracking: { current_release_date: "2024-10-17T13:15:19.595269Z", id: "NCSC-2024-0411", initial_release_date: "2024-10-17T13:15:19.595269Z", revision_history: [ { date: "2024-10-17T13:15:19.595269Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "database_-_grid", product: { name: "database_-_grid", product_id: "CSAFPID-1673504", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_grid:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_grid", product: { name: "database_-_grid", product_id: "CSAFPID-1673506", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_grid:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_core", product: { name: "database_-_core", product_id: "CSAFPID-1673386", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_core:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_core", product: { name: "database_-_core", product_id: "CSAFPID-1673385", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_core:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_core", product: { name: "database_-_core", product_id: "CSAFPID-1673442", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_core:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_security", product: { name: "database_-_security", product_id: "CSAFPID-1673507", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_security:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_security", product: { name: "database_-_security", product_id: "CSAFPID-1673509", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_security:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_security", product: { name: "database_-_security", product_id: "CSAFPID-1673508", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_security:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph_mapviewer", product: { name: "spatial_and_graph_mapviewer", product_id: "CSAFPID-912561", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-764250", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-1673511", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-1673512", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-816800", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-1673529", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fleet_patching_and_provisioning_-_micronaut", product: { name: "fleet_patching_and_provisioning_-_micronaut", product_id: "CSAFPID-1673492", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fleet_patching_and_provisioning_-_micronaut:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fleet_patching_and_provisioning", product: { name: "fleet_patching_and_provisioning", product_id: "CSAFPID-1503603", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_xml_database", product: { name: "database_-_xml_database", product_id: "CSAFPID-1673445", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_xml_database:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_xml_database", product: { name: "database_-_xml_database", product_id: "CSAFPID-1673443", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_xml_database:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_xml_database", product: { name: "database_-_xml_database", product_id: "CSAFPID-1673444", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_xml_database:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_java_vm", product: { name: "database_-_java_vm", product_id: "CSAFPID-1673451", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_java_vm", product: { name: "database_-_java_vm", product_id: "CSAFPID-1673450", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_java_vm", product: { name: "database_-_java_vm", product_id: "CSAFPID-1673452", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-816798", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-816799", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-1673525", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:prior_to_24.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912046", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503299", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816855", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816361", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912045", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503302", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912044", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816852", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816853", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912601", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816854", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sqlcl", product: { name: "sqlcl", product_id: "CSAFPID-816801", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sqlcl", product: { name: "sqlcl", product_id: "CSAFPID-1673405", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sqlcl:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express_administration", product: { name: "application_express_administration", product_id: "CSAFPID-764731", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express_administration:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express_customers_plugin", product: { name: "application_express_customers_plugin", product_id: "CSAFPID-764732", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express_customers_plugin:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express_team_calendar_plugin", product: { name: "application_express_team_calendar_plugin", product_id: "CSAFPID-764733", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express_team_calendar_plugin:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-266119", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-1673510", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:23.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-1503575", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-1673188", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-765238", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:19c:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-765239", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:21c:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "blockchain_platform", product: { name: "blockchain_platform", product_id: "CSAFPID-764779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "blockchain_platform", product: { name: "blockchain_platform", product_id: "CSAFPID-89587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-765259", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:_security_and_provisioning___21.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-187448", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-94075", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-220886", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.4.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-611394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-816317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-912567", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-1503612", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-1673479", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_essbase", product: { name: "oracle_essbase", product_id: "CSAFPID-1650506", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_essbase:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-816845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1650825", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1673404", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1650831", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3-21.14.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data", product: { name: "goldengate_big_data", product_id: "CSAFPID-764274", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_stream_analytics", product: { name: "goldengate_stream_analytics", product_id: "CSAFPID-764752", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_stream_analytics", product: { name: "goldengate_stream_analytics", product_id: "CSAFPID-1673384", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_stream_analytics", product: { name: "goldengate_stream_analytics", product_id: "CSAFPID-220192", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_stream_analytics", product: { name: "goldengate_stream_analytics", product_id: "CSAFPID-220193", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_studio", product: { name: "goldengate_studio", product_id: "CSAFPID-816846", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_studio", product: { name: "goldengate_studio", product_id: "CSAFPID-611390", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_studio", product: { name: "goldengate_studio", product_id: "CSAFPID-764803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_veridata", product: { name: "goldengate_veridata", product_id: "CSAFPID-764275", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-342816", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1650767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.23.0.0.240716:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-485902", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503736", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.23.0.0.240716:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-219912", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19c:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503739", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1650765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.3-21.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503738", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_goldengate_stream_analytics", product: { name: "oracle_goldengate_stream_analytics", product_id: "CSAFPID-1650515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_goldengate_stream_analytics:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "management_pack_for__goldengate", product: { name: "management_pack_for__goldengate", product_id: "CSAFPID-764861", product_identification_helper: { cpe: "cpe:2.3:a:oracle:management_pack_for__goldengate:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "management_pack_for__goldengate", product: { name: "management_pack_for__goldengate", product_id: "CSAFPID-1503640", product_identification_helper: { cpe: "cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_goldengate_studio", product: { name: "oracle_goldengate_studio", product_id: "CSAFPID-1650835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_goldengate_studio:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_goldengate", product: { name: "oracle_goldengate", product_id: "CSAFPID-1650575", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_goldengate:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764813", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1503661", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1503663", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673497", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:19.5.33:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:20.3.28:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673491", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:20.3.40:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764766", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:21.2.55:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673495", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:21.2.71:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:22.3.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673493", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:22.3.45:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673489", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:23.3.33:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673488", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:24.1.17:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650757", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_19.5.42:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650758", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_20.3.40:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650761", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_21.2.27:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650760", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_22.3.46:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650759", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_23.3.32:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_nosql_database", product: { name: "oracle_nosql_database", product_id: "CSAFPID-1650584", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_nosql_database:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_secure_backup", product: { name: "oracle_secure_backup", product_id: "CSAFPID-1650563", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_secure_backup:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-667692", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-345049", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-611417", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-1673422", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_sql_developer", product: { name: "oracle_sql_developer", product_id: "CSAFPID-1650638", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_sql_developer:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-764822", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-220643", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-816870", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-816871", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-1673397", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:24.3.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, { branches: [ { category: "product_name", name: "oracle_application_express", product: { name: "oracle_application_express", product_id: "CSAFPID-1673144", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_application_express:24.1:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle_corporation", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1471", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-220886", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764822", "CSAFPID-1650515", "CSAFPID-1650638", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-89587", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", ], }, references: [ { category: "self", summary: "CVE-2022-1471", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-1471.json", }, ], title: "CVE-2022-1471", }, { cve: "CVE-2022-34169", cwe: { id: "CWE-192", name: "Integer Coercion Error", }, notes: [ { category: "other", text: "Integer Coercion Error", title: "CWE-192", }, { category: "other", text: "Incorrect Conversion between Numeric Types", title: "CWE-681", }, ], product_status: { known_affected: [ "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-342816", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-764752", "CSAFPID-764275", "CSAFPID-764861", "CSAFPID-266119", "CSAFPID-187448", "CSAFPID-219912", "CSAFPID-765238", "CSAFPID-765239", "CSAFPID-765259", "CSAFPID-667692", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-764250", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2022-34169", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-342816", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-764752", "CSAFPID-764275", "CSAFPID-764861", "CSAFPID-266119", "CSAFPID-187448", "CSAFPID-219912", "CSAFPID-765238", "CSAFPID-765239", "CSAFPID-765259", "CSAFPID-667692", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-764250", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2022-34169", }, { cve: "CVE-2022-36033", cwe: { id: "CWE-87", name: "Improper Neutralization of Alternate XSS Syntax", }, notes: [ { category: "other", text: "Improper Neutralization of Alternate XSS Syntax", title: "CWE-87", }, { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-220886", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764861", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-266119", "CSAFPID-187448", "CSAFPID-1650515", "CSAFPID-1650835", "CSAFPID-219912", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-667692", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-1503575", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-912567", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2022-36033", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36033.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-220886", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764861", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-266119", "CSAFPID-187448", "CSAFPID-1650515", "CSAFPID-1650835", "CSAFPID-219912", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-667692", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-1503575", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-912567", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2022-36033", }, { cve: "CVE-2022-37454", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Integer Overflow to Buffer Overflow", title: "CWE-680", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-1650563", "CSAFPID-89587", "CSAFPID-764861", ], }, references: [ { category: "self", summary: "CVE-2022-37454", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-37454.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-1650563", "CSAFPID-89587", "CSAFPID-764861", ], }, ], title: "CVE-2022-37454", }, { cve: "CVE-2022-38136", product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2022-38136", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-38136.json", }, ], title: "CVE-2022-38136", }, { cve: "CVE-2022-40196", product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2022-40196", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40196.json", }, ], title: "CVE-2022-40196", }, { cve: "CVE-2022-41342", product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2022-41342", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41342.json", }, ], title: "CVE-2022-41342", }, { cve: "CVE-2022-42919", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "other", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, { category: "other", text: "Improper Privilege Management", title: "CWE-269", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2022-42919", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42919.json", }, ], title: "CVE-2022-42919", }, { cve: "CVE-2022-45061", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2022-45061", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-45061.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-89587", ], }, ], title: "CVE-2022-45061", }, { cve: "CVE-2022-46337", product_status: { known_affected: [ "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-764752", "CSAFPID-764275", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-764250", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-342816", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-816361", "CSAFPID-764813", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", ], }, references: [ { category: "self", summary: "CVE-2022-46337", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-46337.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-764752", "CSAFPID-764275", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-764250", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-342816", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-816361", "CSAFPID-764813", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", ], }, ], title: "CVE-2022-46337", }, { cve: "CVE-2023-2976", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, notes: [ { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, ], product_status: { known_affected: [ "CSAFPID-1650584", "CSAFPID-1650835", "CSAFPID-1650506", "CSAFPID-1650515", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-342816", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-764813", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-89587", "CSAFPID-1673397", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-345049", "CSAFPID-816801", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-611417", "CSAFPID-764250", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-2976", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1650584", "CSAFPID-1650835", "CSAFPID-1650506", "CSAFPID-1650515", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-342816", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-764813", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-89587", "CSAFPID-1673397", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-345049", "CSAFPID-816801", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-611417", "CSAFPID-764250", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-2976", }, { cve: "CVE-2023-4043", cwe: { id: "CWE-834", name: "Excessive Iteration", }, notes: [ { category: "other", text: "Excessive Iteration", title: "CWE-834", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673405", "CSAFPID-1673397", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-4043", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4043.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673405", "CSAFPID-1673397", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-4043", }, { cve: "CVE-2023-4759", cwe: { id: "CWE-59", name: "Improper Link Resolution Before File Access ('Link Following')", }, notes: [ { category: "other", text: "Improper Link Resolution Before File Access ('Link Following')", title: "CWE-59", }, { category: "other", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, ], product_status: { known_affected: [ "CSAFPID-1673397", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-4759", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4759.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673397", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-4759", }, { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-342816", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", ], }, references: [ { category: "self", summary: "CVE-2023-4863", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4863.json", }, ], title: "CVE-2023-4863", }, { cve: "CVE-2023-5072", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1650575", "CSAFPID-1650515", "CSAFPID-1650835", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-5072", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5072.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1650575", "CSAFPID-1650515", "CSAFPID-1650835", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-5072", }, { cve: "CVE-2023-26031", cwe: { id: "CWE-426", name: "Untrusted Search Path", }, notes: [ { category: "other", text: "Untrusted Search Path", title: "CWE-426", }, ], product_status: { known_affected: [ "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-26031", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26031.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-26031", }, { cve: "CVE-2023-26551", product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26551", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26551.json", }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26551", }, { cve: "CVE-2023-26552", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26552", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26552.json", }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26552", }, { cve: "CVE-2023-26553", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26553", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26553.json", }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26553", }, { cve: "CVE-2023-26554", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26554.json", }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26554", }, { cve: "CVE-2023-26555", product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26555", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26555.json", }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26555", }, { cve: "CVE-2023-28484", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-816317", "CSAFPID-764813", "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-345049", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-611417", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-667692", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, references: [ { category: "self", summary: "CVE-2023-28484", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28484.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-764250", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-816317", "CSAFPID-764813", "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-345049", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-611417", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-667692", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, ], title: "CVE-2023-28484", }, { cve: "CVE-2023-29469", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Double Free", title: "CWE-415", }, ], product_status: { known_affected: [ "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-816317", "CSAFPID-89587", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-345049", "CSAFPID-764752", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-667692", "CSAFPID-764813", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764250", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, references: [ { category: "self", summary: "CVE-2023-29469", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29469.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-816317", "CSAFPID-89587", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-345049", "CSAFPID-764752", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-667692", "CSAFPID-764813", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764250", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, ], title: "CVE-2023-29469", }, { cve: "CVE-2023-33201", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-1650584", "CSAFPID-1673397", "CSAFPID-912561", "CSAFPID-345049", "CSAFPID-611390", "CSAFPID-611417", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-33201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-1650584", "CSAFPID-1673397", "CSAFPID-912561", "CSAFPID-345049", "CSAFPID-611390", "CSAFPID-611417", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-33201", }, { cve: "CVE-2023-37920", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", ], }, references: [ { category: "self", summary: "CVE-2023-37920", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", ], }, ], title: "CVE-2023-37920", }, { cve: "CVE-2023-39410", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673404", "CSAFPID-1673384", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, references: [ { category: "self", summary: "CVE-2023-39410", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39410.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673404", "CSAFPID-1673384", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, ], title: "CVE-2023-39410", }, { cve: "CVE-2023-44487", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1650757", "CSAFPID-1650758", "CSAFPID-1650759", "CSAFPID-1650760", "CSAFPID-1650761", "CSAFPID-89587", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503603", "CSAFPID-1503575", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-44487", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1650757", "CSAFPID-1650758", "CSAFPID-1650759", "CSAFPID-1650760", "CSAFPID-1650761", "CSAFPID-89587", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503603", "CSAFPID-1503575", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-44487", }, { cve: "CVE-2023-44981", cwe: { id: "CWE-639", name: "Authorization Bypass Through User-Controlled Key", }, notes: [ { category: "other", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, ], product_status: { known_affected: [ "CSAFPID-1650515", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", ], }, references: [ { category: "self", summary: "CVE-2023-44981", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44981.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1650515", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", ], }, ], title: "CVE-2023-44981", }, { cve: "CVE-2023-45288", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-45288", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45288.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-45288", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-1650765", "CSAFPID-1650757", "CSAFPID-1650758", "CSAFPID-1650767", "CSAFPID-1650759", "CSAFPID-1650760", "CSAFPID-1650761", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503575", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1650765", "CSAFPID-1650757", "CSAFPID-1650758", "CSAFPID-1650767", "CSAFPID-1650759", "CSAFPID-1650760", "CSAFPID-1650761", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503575", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-49083", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-49083", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49083.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-49083", }, { cve: "CVE-2023-51384", cwe: { id: "CWE-304", name: "Missing Critical Step in Authentication", }, notes: [ { category: "other", text: "Missing Critical Step in Authentication", title: "CWE-304", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-51384", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51384.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-51384", }, { cve: "CVE-2023-51385", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-51385", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51385.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-51385", }, { cve: "CVE-2023-52425", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-52425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-52425", }, { cve: "CVE-2023-52426", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, notes: [ { category: "other", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-52426", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52426.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-52426", }, { cve: "CVE-2024-1874", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-1874", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1874.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-1874", }, { cve: "CVE-2024-2408", cwe: { id: "CWE-203", name: "Observable Discrepancy", }, notes: [ { category: "other", text: "Observable Discrepancy", title: "CWE-203", }, { category: "other", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "other", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "other", text: "Covert Timing Channel", title: "CWE-385", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-2408", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2408.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-2408", }, { cve: "CVE-2024-2511", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improperly Controlled Sequential Memory Allocation", title: "CWE-1325", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-2511", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2511.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-2511", }, { cve: "CVE-2024-4577", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-4577", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4577.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-4577", }, { cve: "CVE-2024-4603", cwe: { id: "CWE-606", name: "Unchecked Input for Loop Condition", }, notes: [ { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-4603", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4603.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-4603", }, { cve: "CVE-2024-4741", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-4741", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4741.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-4741", }, { cve: "CVE-2024-5458", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-5458", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5458.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-5458", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, ], product_status: { known_affected: [ "CSAFPID-1673508", "CSAFPID-1673525", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673508", "CSAFPID-1673525", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-5585", cwe: { id: "CWE-116", name: "Improper Encoding or Escaping of Output", }, notes: [ { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-5585", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5585.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-5585", }, { cve: "CVE-2024-6119", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "other", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, ], product_status: { known_affected: [ "CSAFPID-1673508", "CSAFPID-1673525", ], }, references: [ { category: "self", summary: "CVE-2024-6119", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6119.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673508", "CSAFPID-1673525", ], }, ], title: "CVE-2024-6119", }, { cve: "CVE-2024-6232", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, ], references: [ { category: "self", summary: "CVE-2024-6232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json", }, ], title: "CVE-2024-6232", }, { cve: "CVE-2024-7264", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673529", "CSAFPID-1673479", "CSAFPID-1673511", "CSAFPID-1673512", ], }, references: [ { category: "self", summary: "CVE-2024-7264", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7264.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673529", "CSAFPID-1673479", "CSAFPID-1673511", "CSAFPID-1673512", ], }, ], title: "CVE-2024-7264", }, { cve: "CVE-2024-7592", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2024-7592", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json", }, ], title: "CVE-2024-7592", }, { cve: "CVE-2024-21131", product_status: { known_affected: [ "CSAFPID-1503299", "CSAFPID-1503306", "CSAFPID-1503302", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21131", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21131.json", }, ], title: "CVE-2024-21131", }, { cve: "CVE-2024-21138", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21138", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21138.json", }, ], title: "CVE-2024-21138", }, { cve: "CVE-2024-21140", product_status: { known_affected: [ "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503299", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21140", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21140.json", }, ], title: "CVE-2024-21140", }, { cve: "CVE-2024-21144", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21144", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21144.json", }, ], title: "CVE-2024-21144", }, { cve: "CVE-2024-21145", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1503299", "CSAFPID-1503306", "CSAFPID-1503302", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21145", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21145.json", }, ], title: "CVE-2024-21145", }, { cve: "CVE-2024-21147", product_status: { known_affected: [ "CSAFPID-1503306", "CSAFPID-1503302", "CSAFPID-1503299", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21147", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21147.json", }, ], title: "CVE-2024-21147", }, { cve: "CVE-2024-21233", product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-21233", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21233.json", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-21233", }, { cve: "CVE-2024-21242", product_status: { known_affected: [ "CSAFPID-1673443", "CSAFPID-1673444", "CSAFPID-1673445", ], }, references: [ { category: "self", summary: "CVE-2024-21242", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21242.json", }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-1673443", "CSAFPID-1673444", "CSAFPID-1673445", ], }, ], title: "CVE-2024-21242", }, { cve: "CVE-2024-21251", product_status: { known_affected: [ "CSAFPID-1673450", "CSAFPID-1673451", "CSAFPID-1673452", ], }, references: [ { category: "self", summary: "CVE-2024-21251", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21251.json", }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673450", "CSAFPID-1673451", "CSAFPID-1673452", ], }, ], title: "CVE-2024-21251", }, { cve: "CVE-2024-21261", product_status: { known_affected: [ "CSAFPID-1673144", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-21261", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21261.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673144", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-21261", }, { cve: "CVE-2024-22018", cwe: { id: "CWE-275", name: "-", }, notes: [ { category: "other", text: "CWE-275", title: "CWE-275", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-22018", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22018.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-22018", }, { cve: "CVE-2024-22020", product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-22020", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22020.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-22020", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673384", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-22201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673384", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-22201", }, { cve: "CVE-2024-23807", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1650831", "CSAFPID-1650825", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-23807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650831", "CSAFPID-1650825", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-23807", }, { cve: "CVE-2024-23944", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-23944", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23944.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-23944", }, { cve: "CVE-2024-24989", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-24989", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24989.json", }, ], title: "CVE-2024-24989", }, { cve: "CVE-2024-24990", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-24990", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24990.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-24990", }, { cve: "CVE-2024-25710", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1673384", "CSAFPID-816871", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-342816", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-912046", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-25710", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1673384", "CSAFPID-816871", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-342816", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-912046", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-25710", }, { cve: "CVE-2024-26130", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-26130", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-26130", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1673384", "CSAFPID-816871", "CSAFPID-816798", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1673384", "CSAFPID-816871", "CSAFPID-816798", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-27983", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-27983", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27983.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-27983", }, { cve: "CVE-2024-28182", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1673442", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-28182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673442", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-28182", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-28849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-28849", }, { cve: "CVE-2024-28887", cwe: { id: "CWE-427", name: "Uncontrolled Search Path Element", }, notes: [ { category: "other", text: "Uncontrolled Search Path Element", title: "CWE-427", }, ], product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-28887", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28887.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-28887", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1673488", "CSAFPID-1673489", "CSAFPID-1673491", "CSAFPID-1673492", "CSAFPID-1673493", "CSAFPID-1673495", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673488", "CSAFPID-1673489", "CSAFPID-1673491", "CSAFPID-1673492", "CSAFPID-1673493", "CSAFPID-1673495", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29131", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1673497", "CSAFPID-1673397", "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-29131", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673497", "CSAFPID-1673397", "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-29131", }, { cve: "CVE-2024-29133", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1673497", "CSAFPID-1673397", "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-29133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673497", "CSAFPID-1673397", "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-29133", }, { cve: "CVE-2024-31079", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-31079", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31079.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-31079", }, { cve: "CVE-2024-32760", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-32760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32760.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-32760", }, { cve: "CVE-2024-34161", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-34161", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34161.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-34161", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673504", "CSAFPID-1673506", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673504", "CSAFPID-1673506", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-35200", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-35200", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35200.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-35200", }, { cve: "CVE-2024-36137", cwe: { id: "CWE-275", name: "-", }, notes: [ { category: "other", text: "CWE-275", title: "CWE-275", }, { category: "other", text: "Incorrect Permission Assignment for Critical Resource", title: "CWE-732", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-36137", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36137.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-36137", }, { cve: "CVE-2024-36138", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-36138", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36138.json", }, ], title: "CVE-2024-36138", }, { cve: "CVE-2024-36387", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-36387", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36387.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-36387", }, { cve: "CVE-2024-37370", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-1673507", "CSAFPID-1673508", "CSAFPID-1673509", ], }, references: [ { category: "self", summary: "CVE-2024-37370", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673507", "CSAFPID-1673508", "CSAFPID-1673509", ], }, ], title: "CVE-2024-37370", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-1673507", "CSAFPID-1673508", "CSAFPID-1673509", ], }, references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673507", "CSAFPID-1673508", "CSAFPID-1673509", ], }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-37372", product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-37372", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37372.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-37372", }, { cve: "CVE-2024-38356", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1673510", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-38356", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38356.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673510", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-38356", }, { cve: "CVE-2024-38357", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1673510", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-38357", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38357.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673510", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-38357", }, { cve: "CVE-2024-38472", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38472", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38472.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38472", }, { cve: "CVE-2024-38473", cwe: { id: "CWE-172", name: "Encoding Error", }, notes: [ { category: "other", text: "Encoding Error", title: "CWE-172", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38473", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38473.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38473", }, { cve: "CVE-2024-38474", cwe: { id: "CWE-172", name: "Encoding Error", }, notes: [ { category: "other", text: "Encoding Error", title: "CWE-172", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38474", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38474.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38474", }, { cve: "CVE-2024-38475", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38475", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38475.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38475", }, { cve: "CVE-2024-38476", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Inclusion of Functionality from Untrusted Control Sphere", title: "CWE-829", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38476", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38476.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38476", }, { cve: "CVE-2024-38477", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38477", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38477.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38477", }, { cve: "CVE-2024-38998", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1673511", "CSAFPID-1673512", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-38998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673511", "CSAFPID-1673512", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-38998", }, { cve: "CVE-2024-38999", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1673511", "CSAFPID-1673512", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-38999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673511", "CSAFPID-1673512", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-38999", }, { cve: "CVE-2024-39573", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-39573", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39573.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-39573", }, { cve: "CVE-2024-39884", cwe: { id: "CWE-18", name: "-", }, notes: [ { category: "other", text: "CWE-18", title: "CWE-18", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-39884", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39884.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-39884", }, { cve: "CVE-2024-40725", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Exposure of Resource to Wrong Sphere", title: "CWE-668", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", ], }, references: [ { category: "self", summary: "CVE-2024-40725", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40725.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", ], }, ], title: "CVE-2024-40725", }, { cve: "CVE-2024-40898", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", ], }, references: [ { category: "self", summary: "CVE-2024-40898", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", ], }, ], title: "CVE-2024-40898", }, { cve: "CVE-2024-45490", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, ], product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-45490", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-45490", }, { cve: "CVE-2024-45491", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-45491", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-45491", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-45492", }, { cve: "CVE-2024-45801", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-45801", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45801.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-45801", }, ], }
ncsc-2024-0414
Vulnerability from csaf_ncscnl
Notes
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in diverse Communications producten en systemen.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van gegevens\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Uitvoer van willekeurige code (Administratorrechten)\n- Toegang tot gevoelige gegevens", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "general", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Signal Handler Race Condition", title: "CWE-364", }, { category: "general", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "general", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, { category: "general", text: "Buffer Over-read", title: "CWE-126", }, { category: "general", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "general", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, { category: "general", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "general", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, { category: "general", text: "Uncontrolled Search Path Element", title: "CWE-427", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Signed to Unsigned Conversion Error", title: "CWE-195", }, { category: "general", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "general", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, { category: "general", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Incomplete Cleanup", title: "CWE-459", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Uncaught Exception", title: "CWE-248", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Communications", tracking: { current_release_date: "2024-10-17T13:17:52.103171Z", id: "NCSC-2024-0414", initial_release_date: "2024-10-17T13:17:52.103171Z", revision_history: [ { date: "2024-10-17T13:17:52.103171Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635313", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635311", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635312", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670430", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635320", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:17.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670439", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670429", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670435", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670431", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670436", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670432", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635321", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635310", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635318", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674640", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674642", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670434", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674639", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635314", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674638", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674637", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635319", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670438", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635315", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670433", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674641", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670437", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635308", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications__10.4.0.4", product: { name: "communications__10.4.0.4", product_id: "CSAFPID-1674629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications__10.4.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.2", product: { name: "communications___23.4.2", product_id: "CSAFPID-1670442", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.3", product: { name: "communications___23.4.3", product_id: "CSAFPID-1635325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.4", product: { name: "communications___23.4.4", product_id: "CSAFPID-1635326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.5", product: { name: "communications___23.4.5", product_id: "CSAFPID-1674645", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.6", product: { name: "communications___23.4.6", product_id: "CSAFPID-1674646", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___24.2.0", product: { name: "communications___24.2.0", product_id: "CSAFPID-1674644", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___24.2.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___7.2.1.0.0", product: { name: "communications___7.2.1.0.0", product_id: "CSAFPID-1670441", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___7.2.1.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.6", product: { name: "communications___8.6.0.6", product_id: "CSAFPID-1635327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.8", product: { name: "communications___8.6.0.8", product_id: "CSAFPID-1635328", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.8:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.2", product: { name: "communications___9.0.2", product_id: "CSAFPID-1670440", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.3", product: { name: "communications___9.0.3", product_id: "CSAFPID-1635329", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.1.1.8.0", product: { name: "communications___9.1.1.8.0", product_id: "CSAFPID-1674643", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.1.1.8.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674621", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674618", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674619", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674617", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674623", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674620", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___12.0.6.0.0", product: { name: "communications_applications___12.0.6.0.0", product_id: "CSAFPID-1674627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___12.0.6.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___5.5.22", product: { name: "communications_applications___5.5.22", product_id: "CSAFPID-1674626", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___5.5.22:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.3", product: { name: "communications_applications___6.0.3", product_id: "CSAFPID-1674628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.4", product: { name: "communications_applications___6.0.4", product_id: "CSAFPID-1674624", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.5", product: { name: "communications_applications___6.0.5", product_id: "CSAFPID-1674625", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-204629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-1673475", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4.3.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-816792", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-764735", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-1650734", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4.0-12.0.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-204639", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-204627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-816793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-912557", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management__-_elastic_charging_engine", product: { name: "communications_billing_and_revenue_management__-_elastic_charging_engine", product_id: "CSAFPID-219835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management__-_elastic_charging_engine:12.0.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-764247", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3.0.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209549", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-41194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-1650820", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-765241", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-498607", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12:0.0.5.0:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-912556", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_calendar_server", product: { name: "communications_calendar_server", product_id: "CSAFPID-764736", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_calendar_server:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_calendar_server", product: { name: "communications_calendar_server", product_id: "CSAFPID-220190", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_configuration_console", product: { name: "communications_cloud_native_configuration_console", product_id: "CSAFPID-391501", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_configuration_console", product: { name: "communications_cloud_native_configuration_console", product_id: "CSAFPID-440102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-89545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-180215", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-180197", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-41516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-41515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220057", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220055", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816766", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1503577", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673416", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673412", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673411", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-764237", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-2045", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-40612", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-608629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-93784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1899", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-41111", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1685", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-493445", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-294401", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-220547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-764824", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-220459", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45184", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45181", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611405", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611403", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611404", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1650752", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1673396", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-912066", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1503323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673526", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-165550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-93546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-180195", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-40299", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-187447", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-45186", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-45185", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-220559", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-220558", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-764238", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-764239", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816768", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816769", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-912085", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1503578", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673389", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673390", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673421", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673420", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-764825", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:22.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816770", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816771", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-912068", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-1503579", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-180201", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-1900", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-760687", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-40947", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-93635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-503534", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-90018", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-220327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-94290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-220325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-614513", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-643776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-816772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-912076", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-1503580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40613", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-2044", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40301", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-180194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-449747", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40298", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-223527", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-449746", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-503493", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-260394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-219838", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-611387", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-618156", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-816773", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912101", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1673473", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0-24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1503581", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912539", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912540", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912541", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912542", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912543", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-40611", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-40609", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-180198", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-41112", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-41110", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-760688", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-493444", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-93633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220056", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-223511", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-216017", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220889", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220918", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614514", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816346", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912077", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1503322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673415", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912544", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-40608", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-180199", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-41113", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-260395", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-260393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816348", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-912545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816347", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-1673494", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-1673501", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-764240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-220468", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-2310", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-93547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-180200", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-180193", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1898", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-93636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-90020", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-90015", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-220133", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1650751", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673395", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-912069", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-765371", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:all_supported_s:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-180216", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-180202", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-40300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-93653", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-40949", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-642000", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-93634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220561", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-90021", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-94292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-218028", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220881", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-94291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220910", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-611401", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-816778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-614517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673392", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1503582", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-40610", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-611587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-642002", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-493443", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-642001", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-224796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-224795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912549", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503583", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503584", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503585", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1672767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-180217", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-180196", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-165576", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-40297", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764899", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-589926", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-179780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-40948", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-589925", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-179779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-90019", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-90016", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-220326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764241", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912078", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816349", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1673399", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-764737", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-224787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-220189", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-764827", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:7.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-764828", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server_-_service_controller", product: { name: "communications_converged_application_server_-_service_controller", product_id: "CSAFPID-764734", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server_-_service_controller", product: { name: "communications_converged_application_server_-_service_controller", product_id: "CSAFPID-426842", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503599", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-345031", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-204635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-764833", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-224793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-816794", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-342793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1650777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1265", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-764248", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-816350", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1261", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-110244", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-110242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-93777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.45:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-1672764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-93772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:9.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_data_model", product: { name: "communications_data_model", product_id: "CSAFPID-764902", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_data_model:12.2.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-765372", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-342799", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704412", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704411", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-165544", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704410", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-41183", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_intelligence_hub", product: { name: "communications_diameter_intelligence_hub", product_id: "CSAFPID-342802", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_intelligence_hub", product: { name: "communications_diameter_intelligence_hub", product_id: "CSAFPID-764829", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1503588", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1892", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1891", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1888", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1887", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1889", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1884", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1885", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1882", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1881", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1883", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1879", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1880", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-40293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1650826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1650830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-611413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912551", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912552", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_application_processor", product: { name: "communications_eagle_application_processor", product_id: "CSAFPID-1673417", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_application_processor:17.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_application_processor", product: { name: "communications_eagle_application_processor", product_id: "CSAFPID-765369", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_application_processor:all_supported_s:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-204528", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_ftp_table_base_retrieval", product: { name: "communications_eagle_ftp_table_base_retrieval", product_id: "CSAFPID-204623", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_lnp_application_processor", product: { name: "communications_eagle_lnp_application_processor", product_id: "CSAFPID-352633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_lnp_application_processor", product: { name: "communications_eagle_lnp_application_processor", product_id: "CSAFPID-352632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_software", product: { name: "communications_eagle_software", product_id: "CSAFPID-765366", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_software:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_software", product: { name: "communications_eagle_software", product_id: "CSAFPID-765365", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_software:46.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_elastic_charging_engine", product: { name: "communications_elastic_charging_engine", product_id: "CSAFPID-764834", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_elastic_charging_engine:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-764242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204597", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-9226", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-9070", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-8845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204624", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-2286", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204464", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-345038", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-93629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-611422", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-93630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-816780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_evolved_communications_application_server", product: { name: "communications_evolved_communications_application_server", product_id: "CSAFPID-204645", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-912553", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-207586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-234306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-219803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-387664", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_interactive_session_recorder", product: { name: "communications_interactive_session_recorder", product_id: "CSAFPID-1893", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-204622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-219909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_lsms", product: { name: "communications_lsms", product_id: "CSAFPID-1673065", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_lsms:14.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-764835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.20.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-375182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.21.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-816351", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-41182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_metasolv_solution", product: { name: "communications_metasolv_solution", product_id: "CSAFPID-611595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_metasolv_solution", product: { name: "communications_metasolv_solution", product_id: "CSAFPID-226017", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-220167", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816353", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-764243", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816352", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1673414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816783", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816786", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816785", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816788", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-342803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1650778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1266", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-764249", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-816354", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-204563", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-220125", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-245244", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-219776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-204554", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-765242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-9489", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-110249", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-93781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-220132", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-912079", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-224791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-219898", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-224790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-221118", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-179774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-1673496", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence", product: { name: "communications_performance_intelligence", product_id: "CSAFPID-1503591", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center", product: { name: "communications_performance_intelligence_center", product_id: "CSAFPID-1673485", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center:prior_to_10.4.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-765367", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-765368", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-764830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-573035", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-45192", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-611406", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816789", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-764738", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-204595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-204590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-816355", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503601", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816359", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816358", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816357", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-912558", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503602", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816797", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_services_gatekeeper", product: { name: "communications_services_gatekeeper", product_id: "CSAFPID-608630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503592", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503593", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1672762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503594", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-342804", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-704413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2296", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-166028", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2288", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2282", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2285", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2279", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-204634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-345039", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-93628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-611423", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-93631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-816791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-342805", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-704414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-166027", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2295", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2289", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2287", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2283", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2284", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2280", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2281", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-220414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-204607", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_router", product: { name: "communications_session_router", product_id: "CSAFPID-764780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_router:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_router", product: { name: "communications_session_router", product_id: "CSAFPID-764781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_router:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_subscriber-aware_load_balancer", product: { name: "communications_subscriber-aware_load_balancer", product_id: "CSAFPID-93775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_subscriber-aware_load_balancer", product: { name: "communications_subscriber-aware_load_balancer", product_id: "CSAFPID-93774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-240600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673382", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78763", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673070", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673381", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1650731", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673530", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-764901", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78761", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-614089", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673068", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-764739", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204614", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-8984", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204510", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204569", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-219826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-912073", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_session_manager", product: { name: "communications_unified_session_manager", product_id: "CSAFPID-110243", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_session_manager", product: { name: "communications_unified_session_manager", product_id: "CSAFPID-205759", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503596", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503597", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503598", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-764900", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-76994", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-568240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-764782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-355340", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-912080", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1673481", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-912554", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-611408", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-703515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-611407", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-204456", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2021-37137", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-41182", "CSAFPID-209546", "CSAFPID-40608", "CSAFPID-180216", "CSAFPID-93547", "CSAFPID-180217", "CSAFPID-2310", "CSAFPID-40612", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-1899", "CSAFPID-41111", "CSAFPID-40299", "CSAFPID-187447", "CSAFPID-1900", "CSAFPID-40301", "CSAFPID-180194", "CSAFPID-40298", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-40300", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-40294", "CSAFPID-110243", "CSAFPID-204629", "CSAFPID-765241", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-41183", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-1893", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-204456", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-204645", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180196", "CSAFPID-180201", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-764739", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204635", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673381", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2021-37137", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37137.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-41182", "CSAFPID-209546", "CSAFPID-40608", "CSAFPID-180216", "CSAFPID-93547", "CSAFPID-180217", "CSAFPID-2310", "CSAFPID-40612", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-1899", "CSAFPID-41111", "CSAFPID-40299", "CSAFPID-187447", "CSAFPID-1900", "CSAFPID-40301", "CSAFPID-180194", "CSAFPID-40298", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-40300", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-40294", "CSAFPID-110243", "CSAFPID-204629", "CSAFPID-765241", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-41183", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-1893", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-204456", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-204645", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180196", "CSAFPID-180201", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-764739", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204635", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673381", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2021-37137", }, { cve: "CVE-2022-2068", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, ], product_status: { known_affected: [ "CSAFPID-40949", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-764735", "CSAFPID-204635", "CSAFPID-41183", "CSAFPID-234306", "CSAFPID-41182", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-764738", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-220547", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-93636", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-2068", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2068.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-40949", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-764735", "CSAFPID-204635", "CSAFPID-41183", "CSAFPID-234306", "CSAFPID-41182", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-764738", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-220547", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-93636", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-2068", }, { cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-2601", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2601.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-204629", "CSAFPID-704410", "CSAFPID-704411", "CSAFPID-704412", "CSAFPID-226017", "CSAFPID-179774", "CSAFPID-219898", "CSAFPID-219826", "CSAFPID-204569", "CSAFPID-204510", "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-220548", "CSAFPID-608629", "CSAFPID-93784", "CSAFPID-41111", "CSAFPID-1685", "CSAFPID-493445", "CSAFPID-294401", "CSAFPID-220547", "CSAFPID-764824", "CSAFPID-220459", "CSAFPID-764825", "CSAFPID-93635", "CSAFPID-503534", "CSAFPID-503493", "CSAFPID-493444", "CSAFPID-93633", "CSAFPID-260395", "CSAFPID-260393", "CSAFPID-220468", "CSAFPID-93636", "CSAFPID-93634", "CSAFPID-589926", "CSAFPID-179780", "CSAFPID-589925", "CSAFPID-179779", "CSAFPID-764826", "CSAFPID-764827", "CSAFPID-764828", "CSAFPID-764829", "CSAFPID-764830", "CSAFPID-220190", "CSAFPID-220189", "CSAFPID-764833", "CSAFPID-41183", "CSAFPID-764834", "CSAFPID-234306", "CSAFPID-764835", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-40949", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-204635", "CSAFPID-41182", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-1899", "CSAFPID-40299", "CSAFPID-1900", "CSAFPID-180194", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-110243", "CSAFPID-765241", "CSAFPID-209546", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180217", "CSAFPID-180196", "CSAFPID-40612", "CSAFPID-180201", "CSAFPID-180216", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-40608", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-2310", "CSAFPID-93547", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673065", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-23437", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-23437.json", }, ], title: "CVE-2022-23437", }, { cve: "CVE-2022-36760", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, ], product_status: { known_affected: [ "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-704412", "CSAFPID-704411", "CSAFPID-704410", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-36760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36760.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-704412", "CSAFPID-704411", "CSAFPID-704410", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-36760", }, { cve: "CVE-2023-2953", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-2953", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2953.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-2953", }, { cve: "CVE-2023-3635", cwe: { id: "CWE-195", name: "Signed to Unsigned Conversion Error", }, notes: [ { category: "other", text: "Signed to Unsigned Conversion Error", title: "CWE-195", }, { category: "other", text: "Uncaught Exception", title: "CWE-248", }, ], product_status: { known_affected: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-204622", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-219909", "CSAFPID-220558", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611401", "CSAFPID-611406", "CSAFPID-611407", "CSAFPID-611408", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-614513", "CSAFPID-614514", "CSAFPID-614515", "CSAFPID-614516", "CSAFPID-614517", "CSAFPID-618156", "CSAFPID-643776", "CSAFPID-764237", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-764240", "CSAFPID-764241", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-764249", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", ], }, references: [ { category: "self", summary: "CVE-2023-3635", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3635.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-204622", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-219909", "CSAFPID-220558", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611401", "CSAFPID-611406", "CSAFPID-611407", "CSAFPID-611408", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-614513", "CSAFPID-614514", "CSAFPID-614515", "CSAFPID-614516", "CSAFPID-614517", "CSAFPID-618156", "CSAFPID-643776", "CSAFPID-764237", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-764240", "CSAFPID-764241", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-764249", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", ], }, ], title: "CVE-2023-3635", }, { cve: "CVE-2023-4043", cwe: { id: "CWE-834", name: "Excessive Iteration", }, notes: [ { category: "other", text: "Excessive Iteration", title: "CWE-834", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816352", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-342804", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-224793", "CSAFPID-816794", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342803", "CSAFPID-611595", "CSAFPID-764738", "CSAFPID-816351", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-912073", "CSAFPID-912558", ], }, references: [ { category: "self", summary: "CVE-2023-4043", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4043.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816352", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-342804", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-224793", "CSAFPID-816794", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342803", "CSAFPID-611595", "CSAFPID-764738", "CSAFPID-816351", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-912073", "CSAFPID-912558", ], }, ], title: "CVE-2023-4043", }, { cve: "CVE-2023-5685", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2023-5685", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5685.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2023-5685", }, { cve: "CVE-2023-6597", cwe: { id: "CWE-61", name: "UNIX Symbolic Link (Symlink) Following", }, notes: [ { category: "other", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2023-6597", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6597.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2023-6597", }, { cve: "CVE-2023-6816", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-6816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6816.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-6816", }, { cve: "CVE-2023-38408", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, notes: [ { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-45182", "CSAFPID-40293", "CSAFPID-611406", "CSAFPID-764237", "CSAFPID-220558", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-614513", "CSAFPID-643776", "CSAFPID-611387", "CSAFPID-618156", "CSAFPID-614516", "CSAFPID-614515", "CSAFPID-614514", "CSAFPID-764240", "CSAFPID-94291", "CSAFPID-611401", "CSAFPID-614517", "CSAFPID-764241", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-342804", "CSAFPID-611408", "CSAFPID-611407", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-611595", "CSAFPID-764249", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-38408", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38408.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-45182", "CSAFPID-40293", "CSAFPID-611406", "CSAFPID-764237", "CSAFPID-220558", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-614513", "CSAFPID-643776", "CSAFPID-611387", "CSAFPID-618156", "CSAFPID-614516", "CSAFPID-614515", "CSAFPID-614514", "CSAFPID-764240", "CSAFPID-94291", "CSAFPID-611401", "CSAFPID-614517", "CSAFPID-764241", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-342804", "CSAFPID-611408", "CSAFPID-611407", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-611595", "CSAFPID-764249", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-38408", }, { cve: "CVE-2023-43642", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673395", "CSAFPID-94291", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", ], }, references: [ { category: "self", summary: "CVE-2023-43642", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-43642.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673395", "CSAFPID-94291", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", ], }, ], title: "CVE-2023-43642", }, { cve: "CVE-2023-46136", cwe: { id: "CWE-407", name: "Inefficient Algorithmic Complexity", }, notes: [ { category: "other", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673411", "CSAFPID-912549", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-220132", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-46136", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46136.json", }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673411", "CSAFPID-912549", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-220132", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-46136", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816352", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-219803", "CSAFPID-816351", "CSAFPID-611595", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673417", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-90016", "CSAFPID-764826", "CSAFPID-345038", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-93781", "CSAFPID-345039", "CSAFPID-912080", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-611413", "CSAFPID-240600", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816352", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-219803", "CSAFPID-816351", "CSAFPID-611595", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673417", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-90016", "CSAFPID-764826", "CSAFPID-345038", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-93781", "CSAFPID-345039", "CSAFPID-912080", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-611413", "CSAFPID-240600", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2023-51775", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2023-51775", }, { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912102", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2023-52428", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912102", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2023-52428", }, { cve: "CVE-2024-0450", cwe: { id: "CWE-450", name: "Multiple Interpretations of UI Input", }, notes: [ { category: "other", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "other", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-0450", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json", }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-0450", }, { cve: "CVE-2024-2398", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], product_status: { known_affected: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-2398", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2398.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-2398", }, { cve: "CVE-2024-4577", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], product_status: { known_affected: [ "CSAFPID-1650731", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-4577", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4577.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650731", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-4577", }, { cve: "CVE-2024-4603", cwe: { id: "CWE-606", name: "Unchecked Input for Loop Condition", }, notes: [ { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, ], product_status: { known_affected: [ "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-4603", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4603.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-4603", }, { cve: "CVE-2024-5585", cwe: { id: "CWE-116", name: "Improper Encoding or Escaping of Output", }, notes: [ { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, ], product_status: { known_affected: [ "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2024-5585", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5585.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2024-5585", }, { cve: "CVE-2024-5971", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, notes: [ { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673526", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-5971", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5971.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673526", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-5971", }, { cve: "CVE-2024-6162", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-6162", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-6162", }, { cve: "CVE-2024-6387", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "other", text: "Signal Handler Race Condition", title: "CWE-364", }, ], product_status: { known_affected: [ "CSAFPID-1503595", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-6387", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6387.json", }, ], title: "CVE-2024-6387", }, { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-7254", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json", }, ], title: "CVE-2024-7254", }, { cve: "CVE-2024-7264", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2024-7264", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7264.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2024-7264", }, { cve: "CVE-2024-22020", product_status: { known_affected: [ "CSAFPID-912101", "CSAFPID-1673473", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-22020", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22020.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-912101", "CSAFPID-1673473", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-22020", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673475", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-224795", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-22201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673475", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-224795", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-22201", }, { cve: "CVE-2024-22257", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-22257", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-22257", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650820", "CSAFPID-1650751", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650820", "CSAFPID-1650751", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-23672", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "other", text: "Incomplete Cleanup", title: "CWE-459", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-23672", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-23672", }, { cve: "CVE-2024-23807", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650734", "CSAFPID-1650830", "CSAFPID-1650777", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-1650778", "CSAFPID-41182", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-23807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650734", "CSAFPID-1650830", "CSAFPID-1650777", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-1650778", "CSAFPID-41182", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-23807", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1650752", "CSAFPID-1673481", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1650752", "CSAFPID-1673481", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-25638", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "other", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-25638", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25638.json", }, ], scores: [ { cvss_v3: { baseScore: 8.9, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-25638", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-28182", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1673485", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673389", "CSAFPID-1672767", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673415", "CSAFPID-1673390", "CSAFPID-1673413", "CSAFPID-1673395", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-28182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1673485", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673389", "CSAFPID-1672767", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673415", "CSAFPID-1673390", "CSAFPID-1673413", "CSAFPID-1673395", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-28182", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-28849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-28849", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29133", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29133", }, { cve: "CVE-2024-29736", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-29736", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29736.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-29736", }, { cve: "CVE-2024-29857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1673413", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29857", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673413", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29857", }, { cve: "CVE-2024-30251", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-30251", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30251.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-30251", }, { cve: "CVE-2024-31080", cwe: { id: "CWE-126", name: "Buffer Over-read", }, notes: [ { category: "other", text: "Buffer Over-read", title: "CWE-126", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-31080", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31080.json", }, ], title: "CVE-2024-31080", }, { cve: "CVE-2024-31744", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-31744", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31744.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-31744", }, { cve: "CVE-2024-32760", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-32760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32760.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-32760", }, { cve: "CVE-2024-33602", cwe: { id: "CWE-466", name: "Return of Pointer Value Outside of Expected Range", }, notes: [ { category: "other", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "other", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-33602", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-33602", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-37891", cwe: { id: "CWE-669", name: "Incorrect Resource Transfer Between Spheres", }, notes: [ { category: "other", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-37891", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-37891", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-38816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-38816", }, { cve: "CVE-2024-39689", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673393", ], }, references: [ { category: "self", summary: "CVE-2024-39689", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39689.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673393", ], }, ], title: "CVE-2024-39689", }, { cve: "CVE-2024-40898", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-1673516", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-40898", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673516", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-40898", }, { cve: "CVE-2024-41817", cwe: { id: "CWE-427", name: "Uncontrolled Search Path Element", }, notes: [ { category: "other", text: "Uncontrolled Search Path Element", title: "CWE-427", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1674625", ], }, references: [ { category: "self", summary: "CVE-2024-41817", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41817.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1674625", ], }, ], title: "CVE-2024-41817", }, { cve: "CVE-2024-43044", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673494", "CSAFPID-1673393", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-43044", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43044.json", }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673494", "CSAFPID-1673393", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-43044", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-45492", }, ], }
ncsc-2025-0025
Vulnerability from csaf_ncscnl
Notes
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft meerdere kwetsbaarheden verholpen in Financial Services en componenten.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot kritieke gegevens en de systeemintegriteit in gevaar te brengen. Specifieke kwetsbaarheden kunnen leiden tot compromittering van vertrouwelijkheid, integriteit en beschikbaarheid, met schadeclassificaties variërend van gemiddeld tot hoog. Sommige kwetsbaarheden kunnen op afstand worden uitgebuit zonder gebruikersinteractie, wat het risico op privilege-escalatie en denial-of-service vergroot.", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Incorrect Conversion between Numeric Types", title: "CWE-681", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, { category: "general", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "general", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "general", text: "Always-Incorrect Control Flow Implementation", title: "CWE-670", }, { category: "general", text: "Integer Coercion Error", title: "CWE-192", }, { category: "general", text: "Use of Potentially Dangerous Function", title: "CWE-676", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Incorrect Type Conversion or Cast", title: "CWE-704", }, { category: "general", text: "Integer Overflow to Buffer Overflow", title: "CWE-680", }, { category: "general", text: "Untrusted Search Path", title: "CWE-426", }, { category: "general", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, { category: "general", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, { category: "general", text: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", title: "CWE-757", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujan2025.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Financial Services", tracking: { current_release_date: "2025-01-22T13:33:00.723963Z", id: "NCSC-2025-0025", initial_release_date: "2025-01-22T13:33:00.723963Z", revision_history: [ { date: "2025-01-22T13:33:00.723963Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-342808", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-345045", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-1751072", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-9711", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-345044", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-1751083", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-9300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-345043", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-9522", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-345042", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-8848", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-93309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-189066", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-93305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-189064", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-189063", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-1751078", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-189065", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_reconciliation_framework", product: { name: "financial_services_analytical_applications_reconciliation_framework", product_id: "CSAFPID-363146", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.0.7.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_reconciliation_framework", product: { name: "financial_services_analytical_applications_reconciliation_framework", product_id: "CSAFPID-363129", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.1.1.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_asset_liability_management", product: { name: "financial_services_asset_liability_management", product_id: "CSAFPID-363142", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_balance_computation_engine", product: { name: "financial_services_balance_computation_engine", product_id: "CSAFPID-363130", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_balance_computation_engine:8.1.1.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_balance_sheet_planning", product: { name: "financial_services_balance_sheet_planning", product_id: "CSAFPID-363135", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8.1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_basic", product: { name: "financial_services_basel_regulatory_capital_basic", product_id: "CSAFPID-1503626", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.0.7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_basic", product: { name: "financial_services_basel_regulatory_capital_basic", product_id: "CSAFPID-1503627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.0.8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product: { name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product_id: "CSAFPID-1503628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.0.7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product: { name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product_id: "CSAFPID-1503629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.0.8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-765261", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-93312", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-220456", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-93311", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-189067", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-93308", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-93307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-93306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-220368", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-220449", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-345041", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-219772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-219770", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-816828", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-1503630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-1751074", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_cash_flow_engine", product: { name: "financial_services_cash_flow_engine", product_id: "CSAFPID-764273", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_cash_flow_engine:8.1.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-345047", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-816829", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-1503631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-1503632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_crime_and_compliance_management_studio", product: { name: "financial_services_crime_and_compliance_management_studio", product_id: "CSAFPID-93648", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_crime_and_compliance_management_studio", product: { name: "financial_services_crime_and_compliance_management_studio", product_id: "CSAFPID-93647", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_crime_and_compliance_management_studio", product: { name: "financial_services_crime_and_compliance_management_studio", product_id: "CSAFPID-764857", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_crime_and_compliance_management_studio", product: { name: "financial_services_crime_and_compliance_management_studio", product_id: "CSAFPID-391382", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_crime_and_compliance_management_studio", product: { name: "financial_services_crime_and_compliance_management_studio", product_id: "CSAFPID-765262", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:_studio___8.0.8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_crime_and_compliance_management_studio", product: { name: "financial_services_crime_and_compliance_management_studio", product_id: "CSAFPID-765263", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:_studio___8.0.8.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_currency_transaction_reporting", product: { name: "financial_services_currency_transaction_reporting", product_id: "CSAFPID-493291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_currency_transaction_reporting:8.0.8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_currency_transaction_reporting", product: { name: "financial_services_currency_transaction_reporting", product_id: "CSAFPID-493290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_currency_transaction_reporting:8.1.1.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_currency_transaction_reporting", product: { name: "financial_services_currency_transaction_reporting", product_id: "CSAFPID-493289", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_currency_transaction_reporting:8.1.2.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_currency_transaction_reporting", product: { name: "financial_services_currency_transaction_reporting", product_id: "CSAFPID-493288", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_currency_transaction_reporting:8.1.2.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_data_governance_for_us_regulatory_reporting", product: { name: "financial_services_data_governance_for_us_regulatory_reporting", product_id: "CSAFPID-363128", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:8.1.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_data_governance_for_us_regulatory_reporting", product: { name: "financial_services_data_governance_for_us_regulatory_reporting", product_id: "CSAFPID-363127", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:8.1.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_data_integration_hub", product: { name: "financial_services_data_integration_hub", product_id: "CSAFPID-363144", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_data_integration_hub", product: { name: "financial_services_data_integration_hub", product_id: "CSAFPID-363131", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0.1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_data_integration_hub", product: { name: "financial_services_data_integration_hub", product_id: "CSAFPID-363126", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_deposit_insurance_calculations_for_liquidity_risk_management", product: { name: "financial_services_deposit_insurance_calculations_for_liquidity_risk_management", product_id: "CSAFPID-363143", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_deposit_insurance_calculations_for_liquidity_risk_management:8.0.7.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_deposit_insurance_calculations_for_liquidity_risk_management", product: { name: "financial_services_deposit_insurance_calculations_for_liquidity_risk_management", product_id: "CSAFPID-363133", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_deposit_insurance_calculations_for_liquidity_risk_management:8.0.8.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-567702", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-220378", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-220377", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-220455", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-220607", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-220372", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.2.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-219774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-180191", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-180190", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-180189", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-220369", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-220448", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-345040", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-219773", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-219771", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-816830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_financial_performance_analytics", product: { name: "financial_services_enterprise_financial_performance_analytics", product_id: "CSAFPID-363141", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_funds_transfer_pricing", product: { name: "financial_services_funds_transfer_pricing", product_id: "CSAFPID-363138", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_institutional_performance_analytics", product: { name: "financial_services_institutional_performance_analytics", product_id: "CSAFPID-363136", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_lending_and_leasing", product: { name: "financial_services_lending_and_leasing", product_id: "CSAFPID-816831", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_liquidity_risk_measurement_and_management", product: { name: "financial_services_liquidity_risk_measurement_and_management", product_id: "CSAFPID-363145", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_liquidity_risk_measurement_and_management", product: { name: "financial_services_liquidity_risk_measurement_and_management", product_id: "CSAFPID-363132", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_loan_loss_forecasting_and_provisioning", product: { name: "financial_services_loan_loss_forecasting_and_provisioning", product_id: "CSAFPID-363140", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_loan_loss_forecasting_and_provisioning", product: { name: "financial_services_loan_loss_forecasting_and_provisioning", product_id: "CSAFPID-363134", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-764923", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-396508", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-764924", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-396507", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-611392", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-611391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-1503319", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-1503318", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-1751202", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-1751086", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_profitability_management", product: { name: "financial_services_profitability_management", product_id: "CSAFPID-363139", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting", product: { name: "financial_services_regulatory_reporting", product_id: "CSAFPID-570314", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting:8.0.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting", product: { name: "financial_services_regulatory_reporting", product_id: "CSAFPID-570313", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting:8.1.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting", product: { name: "financial_services_regulatory_reporting", product_id: "CSAFPID-570312", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting:8.1.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting", product: { name: "financial_services_regulatory_reporting", product_id: "CSAFPID-570311", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting", product: { name: "financial_services_regulatory_reporting", product_id: "CSAFPID-1751214", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting:8.1.2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting", product: { name: "financial_services_regulatory_reporting", product_id: "CSAFPID-1751213", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting:8.1.2.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_regulatory_reporting_with_agilereporter", product: { name: "financial_services_regulatory_reporting_with_agilereporter", product_id: "CSAFPID-611433", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.1.1.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_retail_performance_analytics", product: { name: "financial_services_retail_performance_analytics", product_id: "CSAFPID-363137", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-765266", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-344846", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.7.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-219833", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-912589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.8.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816832", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-219832", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-1751215", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0-7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-765264", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-765265", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816834", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-344845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-219831", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-400311", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-219830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-912590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816836", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-219829", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-400309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816837", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-219828", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-400307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:4.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-912591", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816838", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-219827", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-912592", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816839", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816841", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-1503637", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816842", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-1503638", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816833", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:_pricing_services___2.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816840", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:_security___5.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_trade-based_anti_money_laundering", product: { name: "financial_services_trade-based_anti_money_laundering", product_id: "CSAFPID-1751087", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_trade-based_anti_money_laundering", product: { name: "financial_services_trade-based_anti_money_laundering", product_id: "CSAFPID-220375", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*", }, }, }, { category: "product_name", name: "financial_services_trade-based_anti_money_laundering_enterprise_edition", product: { name: "financial_services_trade-based_anti_money_laundering_enterprise_edition", product_id: "CSAFPID-764925", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering_enterprise_edition:8.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_trade-based_anti_money_laundering_enterprise_edition", product: { name: "financial_services_trade-based_anti_money_laundering_enterprise_edition", product_id: "CSAFPID-764796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering_enterprise_edition:8.0.8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_trade-based_anti_money_laundering_enterprise_edition", product: { name: "financial_services_trade-based_anti_money_laundering_enterprise_edition", product_id: "CSAFPID-764926", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering_enterprise_edition:8.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_trade-based_anti_money_laundering_enterprise_edition", product: { name: "financial_services_trade-based_anti_money_laundering_enterprise_edition", product_id: "CSAFPID-220374", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering_enterprise_edition:8.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-764262", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-180213", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-180207", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912094", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912093", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-912092", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-816824", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_liquidity_management", product: { name: "banking_liquidity_management", product_id: "CSAFPID-1673499", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_liquidity_management:14.7.5.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-764263", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-180208", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-1751207", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.5.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-912064", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-912063", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_origination", product: { name: "banking_origination", product_id: "CSAFPID-912062", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_origination:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-764259", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-1751206", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0-14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-1503614", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-180204", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-1503615", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-1503616", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "banking_corporate_lending_process_management", product: { name: "banking_corporate_lending_process_management", product_id: "CSAFPID-1503617", product_identification_helper: { cpe: "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.7.0.0.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2022-34169", cwe: { id: "CWE-192", name: "Integer Coercion Error", }, notes: [ { category: "other", text: "Integer Coercion Error", title: "CWE-192", }, { category: "other", text: "Incorrect Conversion between Numeric Types", title: "CWE-681", }, { category: "other", text: "Incorrect Type Conversion or Cast", title: "CWE-704", }, ], product_status: { known_affected: [ "CSAFPID-219827", "CSAFPID-219828", "CSAFPID-219829", "CSAFPID-219830", "CSAFPID-344845", "CSAFPID-219831", "CSAFPID-219832", "CSAFPID-344846", "CSAFPID-219833", "CSAFPID-764259", "CSAFPID-345045", "CSAFPID-345044", "CSAFPID-345043", "CSAFPID-345042", "CSAFPID-93309", "CSAFPID-93305", "CSAFPID-189064", "CSAFPID-189063", "CSAFPID-363146", "CSAFPID-363129", "CSAFPID-363142", "CSAFPID-363130", "CSAFPID-363135", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-345041", "CSAFPID-219772", "CSAFPID-345047", "CSAFPID-391382", "CSAFPID-493291", "CSAFPID-493290", "CSAFPID-493289", "CSAFPID-493288", "CSAFPID-363128", "CSAFPID-363127", "CSAFPID-363144", "CSAFPID-363131", "CSAFPID-363126", "CSAFPID-363143", "CSAFPID-363133", "CSAFPID-219774", "CSAFPID-180190", "CSAFPID-345040", "CSAFPID-219773", "CSAFPID-363141", "CSAFPID-363138", "CSAFPID-363136", "CSAFPID-363145", "CSAFPID-363132", "CSAFPID-363140", "CSAFPID-363134", "CSAFPID-396508", "CSAFPID-396507", "CSAFPID-363139", "CSAFPID-570314", "CSAFPID-570313", "CSAFPID-570312", "CSAFPID-570311", "CSAFPID-611433", "CSAFPID-363137", "CSAFPID-764796", "CSAFPID-764857", "CSAFPID-342808", "CSAFPID-220456", "CSAFPID-93308", "CSAFPID-93306", "CSAFPID-220368", "CSAFPID-220449", "CSAFPID-220455", "CSAFPID-180191", "CSAFPID-180189", "CSAFPID-220369", "CSAFPID-220448", "CSAFPID-764923", "CSAFPID-764924", "CSAFPID-764925", "CSAFPID-764926", "CSAFPID-764262", "CSAFPID-816824", "CSAFPID-764263", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-180204", "CSAFPID-180213", "CSAFPID-180207", "CSAFPID-180208", "CSAFPID-93312", "CSAFPID-93311", "CSAFPID-765261", "CSAFPID-765262", "CSAFPID-93648", "CSAFPID-765263", "CSAFPID-93647", "CSAFPID-220378", "CSAFPID-220377", "CSAFPID-220607", "CSAFPID-220372", "CSAFPID-567702", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-765266", "CSAFPID-400307", "CSAFPID-8848", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-219770", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-219771", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-220374", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912589", "CSAFPID-400311", "CSAFPID-912590", "CSAFPID-400309", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", ], }, references: [ { category: "self", summary: "CVE-2022-34169", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-219827", "CSAFPID-219828", "CSAFPID-219829", "CSAFPID-219830", "CSAFPID-344845", "CSAFPID-219831", "CSAFPID-219832", "CSAFPID-344846", "CSAFPID-219833", "CSAFPID-764259", "CSAFPID-345045", "CSAFPID-345044", "CSAFPID-345043", "CSAFPID-345042", "CSAFPID-93309", "CSAFPID-93305", "CSAFPID-189064", "CSAFPID-189063", "CSAFPID-363146", "CSAFPID-363129", "CSAFPID-363142", "CSAFPID-363130", "CSAFPID-363135", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-345041", "CSAFPID-219772", "CSAFPID-345047", "CSAFPID-391382", "CSAFPID-493291", "CSAFPID-493290", "CSAFPID-493289", "CSAFPID-493288", "CSAFPID-363128", "CSAFPID-363127", "CSAFPID-363144", "CSAFPID-363131", "CSAFPID-363126", "CSAFPID-363143", "CSAFPID-363133", "CSAFPID-219774", "CSAFPID-180190", "CSAFPID-345040", "CSAFPID-219773", "CSAFPID-363141", "CSAFPID-363138", "CSAFPID-363136", "CSAFPID-363145", "CSAFPID-363132", "CSAFPID-363140", "CSAFPID-363134", "CSAFPID-396508", "CSAFPID-396507", "CSAFPID-363139", "CSAFPID-570314", "CSAFPID-570313", "CSAFPID-570312", "CSAFPID-570311", "CSAFPID-611433", "CSAFPID-363137", "CSAFPID-764796", "CSAFPID-764857", "CSAFPID-342808", "CSAFPID-220456", "CSAFPID-93308", "CSAFPID-93306", "CSAFPID-220368", "CSAFPID-220449", "CSAFPID-220455", "CSAFPID-180191", "CSAFPID-180189", "CSAFPID-220369", "CSAFPID-220448", "CSAFPID-764923", "CSAFPID-764924", "CSAFPID-764925", "CSAFPID-764926", "CSAFPID-764262", "CSAFPID-816824", "CSAFPID-764263", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-180204", "CSAFPID-180213", "CSAFPID-180207", "CSAFPID-180208", "CSAFPID-93312", "CSAFPID-93311", "CSAFPID-765261", "CSAFPID-765262", "CSAFPID-93648", "CSAFPID-765263", "CSAFPID-93647", "CSAFPID-220378", "CSAFPID-220377", "CSAFPID-220607", "CSAFPID-220372", "CSAFPID-567702", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-765266", "CSAFPID-400307", "CSAFPID-8848", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-219770", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-219771", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-220374", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-912589", "CSAFPID-400311", "CSAFPID-912590", "CSAFPID-400309", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", ], }, ], title: "CVE-2022-34169", }, { cve: "CVE-2023-26031", cwe: { id: "CWE-426", name: "Untrusted Search Path", }, notes: [ { category: "other", text: "Untrusted Search Path", title: "CWE-426", }, ], product_status: { known_affected: [ "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", "CSAFPID-816829", ], }, references: [ { category: "self", summary: "CVE-2023-26031", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26031.json", }, ], title: "CVE-2023-26031", }, { cve: "CVE-2023-33201", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-611391", "CSAFPID-611392", "CSAFPID-764259", "CSAFPID-764262", "CSAFPID-764263", "CSAFPID-764273", "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-765266", "CSAFPID-816824", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912062", "CSAFPID-912063", "CSAFPID-912064", "CSAFPID-912092", "CSAFPID-912093", "CSAFPID-912094", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", "CSAFPID-1751202", "CSAFPID-1751086", ], }, references: [ { category: "self", summary: "CVE-2023-33201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-611391", "CSAFPID-611392", "CSAFPID-764259", "CSAFPID-764262", "CSAFPID-764263", "CSAFPID-764273", "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-765266", "CSAFPID-816824", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912062", "CSAFPID-912063", "CSAFPID-912064", "CSAFPID-912092", "CSAFPID-912093", "CSAFPID-912094", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", "CSAFPID-1751202", "CSAFPID-1751086", ], }, ], title: "CVE-2023-33201", }, { cve: "CVE-2023-39410", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-764259", "CSAFPID-764262", "CSAFPID-764263", "CSAFPID-765266", "CSAFPID-816824", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-1751202", "CSAFPID-1751206", "CSAFPID-1751086", "CSAFPID-1751207", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2023-39410", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39410.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-764259", "CSAFPID-764262", "CSAFPID-764263", "CSAFPID-765266", "CSAFPID-816824", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-1751202", "CSAFPID-1751206", "CSAFPID-1751086", "CSAFPID-1751207", "CSAFPID-1503318", ], }, ], title: "CVE-2023-39410", }, { cve: "CVE-2023-44483", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, notes: [ { category: "other", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, ], product_status: { known_affected: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-764259", "CSAFPID-764262", "CSAFPID-764263", "CSAFPID-765266", "CSAFPID-816824", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912062", "CSAFPID-912063", "CSAFPID-912064", "CSAFPID-912092", "CSAFPID-912093", "CSAFPID-912094", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-44483", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44483.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-764259", "CSAFPID-764262", "CSAFPID-764263", "CSAFPID-765266", "CSAFPID-816824", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912062", "CSAFPID-912063", "CSAFPID-912064", "CSAFPID-912092", "CSAFPID-912093", "CSAFPID-912094", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-44483", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "other", text: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", title: "CWE-757", }, { category: "other", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, ], product_status: { known_affected: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-764259", "CSAFPID-764262", "CSAFPID-764263", "CSAFPID-765266", "CSAFPID-816824", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912062", "CSAFPID-912063", "CSAFPID-912064", "CSAFPID-912092", "CSAFPID-912093", "CSAFPID-912094", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-764259", "CSAFPID-764262", "CSAFPID-764263", "CSAFPID-765266", "CSAFPID-816824", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912062", "CSAFPID-912063", "CSAFPID-912064", "CSAFPID-912092", "CSAFPID-912093", "CSAFPID-912094", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-51074", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], product_status: { known_affected: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912062", "CSAFPID-912063", "CSAFPID-912064", "CSAFPID-912092", "CSAFPID-912093", "CSAFPID-912094", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", "CSAFPID-1751213", "CSAFPID-220375", "CSAFPID-1751214", "CSAFPID-1751074", ], }, references: [ { category: "self", summary: "CVE-2023-51074", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51074.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912062", "CSAFPID-912063", "CSAFPID-912064", "CSAFPID-912092", "CSAFPID-912093", "CSAFPID-912094", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", "CSAFPID-1751213", "CSAFPID-220375", "CSAFPID-1751214", "CSAFPID-1751074", ], }, ], title: "CVE-2023-51074", }, { cve: "CVE-2023-52070", product_status: { known_affected: [ "CSAFPID-1751215", ], }, references: [ { category: "self", summary: "CVE-2023-52070", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52070.json", }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751215", ], }, ], title: "CVE-2023-52070", }, { cve: "CVE-2024-28219", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "other", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "other", text: "Use of Potentially Dangerous Function", title: "CWE-676", }, { category: "other", text: "Integer Overflow to Buffer Overflow", title: "CWE-680", }, ], product_status: { known_affected: [ "CSAFPID-1503631", "CSAFPID-1673499", ], }, references: [ { category: "self", summary: "CVE-2024-28219", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28219.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-1503631", "CSAFPID-1673499", ], }, ], title: "CVE-2024-28219", }, { cve: "CVE-2024-34064", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", "CSAFPID-1673499", "CSAFPID-1751206", "CSAFPID-1751207", ], }, references: [ { category: "self", summary: "CVE-2024-34064", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json", }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1503614", "CSAFPID-1503615", "CSAFPID-1503616", "CSAFPID-1503617", "CSAFPID-912094", "CSAFPID-912093", "CSAFPID-912092", "CSAFPID-912064", "CSAFPID-912063", "CSAFPID-912062", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", "CSAFPID-1673499", "CSAFPID-1751206", "CSAFPID-1751207", ], }, ], title: "CVE-2024-34064", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1751202", "CSAFPID-1751086", "CSAFPID-1503318", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751202", "CSAFPID-1751086", "CSAFPID-1503318", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-35195", cwe: { id: "CWE-670", name: "Always-Incorrect Control Flow Implementation", }, notes: [ { category: "other", text: "Always-Incorrect Control Flow Implementation", title: "CWE-670", }, ], product_status: { known_affected: [ "CSAFPID-1673499", "CSAFPID-1503631", ], }, references: [ { category: "self", summary: "CVE-2024-35195", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35195.json", }, ], scores: [ { cvss_v3: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673499", "CSAFPID-1503631", ], }, ], title: "CVE-2024-35195", }, { cve: "CVE-2024-38819", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1751072", "CSAFPID-1503630", "CSAFPID-1751074", "CSAFPID-1751078", "CSAFPID-189067", "CSAFPID-1751083", "CSAFPID-1751086", "CSAFPID-1503631", "CSAFPID-220375", ], }, references: [ { category: "self", summary: "CVE-2024-38819", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1751072", "CSAFPID-1503630", "CSAFPID-1751074", "CSAFPID-1751078", "CSAFPID-189067", "CSAFPID-1751083", "CSAFPID-1751086", "CSAFPID-1503631", "CSAFPID-220375", ], }, ], title: "CVE-2024-38819", }, { cve: "CVE-2024-38820", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, ], product_status: { known_affected: [ "CSAFPID-220375", "CSAFPID-1751083", "CSAFPID-1503630", "CSAFPID-1751074", "CSAFPID-1751078", "CSAFPID-1503631", "CSAFPID-189067", "CSAFPID-1751086", "CSAFPID-1751072", ], }, references: [ { category: "self", summary: "CVE-2024-38820", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-220375", "CSAFPID-1751083", "CSAFPID-1503630", "CSAFPID-1751074", "CSAFPID-1751078", "CSAFPID-1503631", "CSAFPID-189067", "CSAFPID-1751086", "CSAFPID-1751072", ], }, ], title: "CVE-2024-38820", }, { cve: "CVE-2024-38827", cwe: { id: "CWE-639", name: "Authorization Bypass Through User-Controlled Key", }, notes: [ { category: "other", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, ], product_status: { known_affected: [ "CSAFPID-1503631", ], }, references: [ { category: "self", summary: "CVE-2024-38827", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38827.json", }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1503631", ], }, ], title: "CVE-2024-38827", }, { cve: "CVE-2024-38998", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-220375", "CSAFPID-1751083", "CSAFPID-189067", "CSAFPID-1503318", "CSAFPID-1751202", "CSAFPID-1503630", "CSAFPID-1751074", "CSAFPID-1751078", "CSAFPID-1751213", "CSAFPID-1751214", "CSAFPID-219774", "CSAFPID-1751086", "CSAFPID-1751072", ], }, references: [ { category: "self", summary: "CVE-2024-38998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-220375", "CSAFPID-1751083", "CSAFPID-189067", "CSAFPID-1503318", "CSAFPID-1751202", "CSAFPID-1503630", "CSAFPID-1751074", "CSAFPID-1751078", "CSAFPID-1751213", "CSAFPID-1751214", "CSAFPID-219774", "CSAFPID-1751086", "CSAFPID-1751072", ], }, ], title: "CVE-2024-38998", }, { cve: "CVE-2024-38999", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-220375", "CSAFPID-1751083", "CSAFPID-189067", "CSAFPID-1503318", "CSAFPID-1751202", "CSAFPID-1503630", "CSAFPID-1751074", "CSAFPID-1751078", "CSAFPID-1751213", "CSAFPID-1751214", "CSAFPID-219774", "CSAFPID-1751086", "CSAFPID-1751072", ], }, references: [ { category: "self", summary: "CVE-2024-38999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-220375", "CSAFPID-1751083", "CSAFPID-189067", "CSAFPID-1503318", "CSAFPID-1751202", "CSAFPID-1503630", "CSAFPID-1751074", "CSAFPID-1751078", "CSAFPID-1751213", "CSAFPID-1751214", "CSAFPID-219774", "CSAFPID-1751086", "CSAFPID-1751072", ], }, ], title: "CVE-2024-38999", }, { cve: "CVE-2024-45490", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], product_status: { known_affected: [ "CSAFPID-189067", "CSAFPID-1503630", "CSAFPID-1751074", "CSAFPID-220375", ], }, references: [ { category: "self", summary: "CVE-2024-45490", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-189067", "CSAFPID-1503630", "CSAFPID-1751074", "CSAFPID-220375", ], }, ], title: "CVE-2024-45490", }, { cve: "CVE-2024-45491", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-220375", "CSAFPID-1503630", "CSAFPID-189067", "CSAFPID-1751074", ], }, references: [ { category: "self", summary: "CVE-2024-45491", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-220375", "CSAFPID-1503630", "CSAFPID-189067", "CSAFPID-1751074", ], }, ], title: "CVE-2024-45491", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-220375", "CSAFPID-1503630", "CSAFPID-189067", "CSAFPID-1751074", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-220375", "CSAFPID-1503630", "CSAFPID-189067", "CSAFPID-1751074", ], }, ], title: "CVE-2024-45492", }, { cve: "CVE-2025-21550", product_status: { known_affected: [ "CSAFPID-189067", "CSAFPID-1503630", "CSAFPID-1751074", ], }, references: [ { category: "self", summary: "CVE-2025-21550", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21550.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-189067", "CSAFPID-1503630", "CSAFPID-1751074", ], }, ], title: "CVE-2025-21550", }, ], }
NCSC-2024-0413
Vulnerability from csaf_ncscnl
Notes
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in Commerce.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Toegang tot gevoelige gegevens\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Uitvoer van willekeurige code (Administratorrechten)", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", title: "CWE-917", }, { category: "general", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Commerce", tracking: { current_release_date: "2024-10-17T13:17:19.736602Z", id: "NCSC-2024-0413", initial_release_date: "2024-10-17T13:17:19.736602Z", revision_history: [ { date: "2024-10-17T13:17:19.736602Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "commerce", product: { name: "commerce", product_id: "CSAFPID-1674613", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce:11.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce", product: { name: "commerce", product_id: "CSAFPID-1674614", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce:11.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce", product: { name: "commerce", product_id: "CSAFPID-1674615", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce:11.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce", product: { name: "commerce", product_id: "CSAFPID-1674616", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce:11.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce_guided_search", product: { name: "commerce_guided_search", product_id: "CSAFPID-187449", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce_guided_search", product: { name: "commerce_guided_search", product_id: "CSAFPID-1673502", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce_guided_search:11.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce_platform", product: { name: "commerce_platform", product_id: "CSAFPID-764898", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce_platform", product: { name: "commerce_platform", product_id: "CSAFPID-220467", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce_platform", product: { name: "commerce_platform", product_id: "CSAFPID-221115", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce_platform", product: { name: "commerce_platform", product_id: "CSAFPID-220466", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_commerce_guided_search", product: { name: "oracle_commerce_guided_search", product_id: "CSAFPID-1650505", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_commerce_guided_search:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_commerce_platform", product: { name: "oracle_commerce_platform", product_id: "CSAFPID-1650560", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_commerce_platform:*:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2019-10172", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, notes: [ { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], product_status: { known_affected: [ "CSAFPID-187449", "CSAFPID-220467", "CSAFPID-221115", "CSAFPID-220466", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, references: [ { category: "self", summary: "CVE-2019-10172", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-10172.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-187449", "CSAFPID-220467", "CSAFPID-221115", "CSAFPID-220466", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, ], title: "CVE-2019-10172", }, { cve: "CVE-2020-13956", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-187449", "CSAFPID-220467", "CSAFPID-221115", "CSAFPID-220466", "CSAFPID-764898", "CSAFPID-1650505", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, references: [ { category: "self", summary: "CVE-2020-13956", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13956.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-187449", "CSAFPID-220467", "CSAFPID-221115", "CSAFPID-220466", "CSAFPID-764898", "CSAFPID-1650505", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, ], title: "CVE-2020-13956", }, { cve: "CVE-2021-23358", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, notes: [ { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, ], product_status: { known_affected: [ "CSAFPID-187449", "CSAFPID-221115", "CSAFPID-220466", "CSAFPID-220467", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, references: [ { category: "self", summary: "CVE-2021-23358", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-23358.json", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-187449", "CSAFPID-221115", "CSAFPID-220466", "CSAFPID-220467", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, ], title: "CVE-2021-23358", }, { cve: "CVE-2021-28170", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-187449", "CSAFPID-220467", "CSAFPID-221115", "CSAFPID-220466", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, references: [ { category: "self", summary: "CVE-2021-28170", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-28170.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-187449", "CSAFPID-220467", "CSAFPID-221115", "CSAFPID-220466", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, ], title: "CVE-2021-28170", }, { cve: "CVE-2022-46337", product_status: { known_affected: [ "CSAFPID-187449", "CSAFPID-220466", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", "CSAFPID-220467", "CSAFPID-221115", ], }, references: [ { category: "self", summary: "CVE-2022-46337", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-46337.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-187449", "CSAFPID-220466", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", "CSAFPID-220467", "CSAFPID-221115", ], }, ], title: "CVE-2022-46337", }, { cve: "CVE-2023-2976", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, notes: [ { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, ], product_status: { known_affected: [ "CSAFPID-1650505", "CSAFPID-220466", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", "CSAFPID-220467", "CSAFPID-221115", "CSAFPID-187449", ], }, references: [ { category: "self", summary: "CVE-2023-2976", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1650505", "CSAFPID-220466", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", "CSAFPID-220467", "CSAFPID-221115", "CSAFPID-187449", ], }, ], title: "CVE-2023-2976", }, { cve: "CVE-2023-20863", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "other", text: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", title: "CWE-917", }, ], product_status: { known_affected: [ "CSAFPID-1650560", "CSAFPID-1650505", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", "CSAFPID-187449", "CSAFPID-220466", "CSAFPID-220467", "CSAFPID-221115", ], }, references: [ { category: "self", summary: "CVE-2023-20863", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-20863.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1650560", "CSAFPID-1650505", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", "CSAFPID-187449", "CSAFPID-220466", "CSAFPID-220467", "CSAFPID-221115", ], }, ], title: "CVE-2023-20863", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", "CSAFPID-187449", "CSAFPID-220466", "CSAFPID-220467", "CSAFPID-221115", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", "CSAFPID-187449", "CSAFPID-220466", "CSAFPID-220467", "CSAFPID-221115", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673502", "CSAFPID-187449", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673502", "CSAFPID-187449", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, ], title: "CVE-2024-34750", }, ], }
ncsc-2024-0413
Vulnerability from csaf_ncscnl
Notes
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in Commerce.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Toegang tot gevoelige gegevens\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Uitvoer van willekeurige code (Administratorrechten)", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", title: "CWE-917", }, { category: "general", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Commerce", tracking: { current_release_date: "2024-10-17T13:17:19.736602Z", id: "NCSC-2024-0413", initial_release_date: "2024-10-17T13:17:19.736602Z", revision_history: [ { date: "2024-10-17T13:17:19.736602Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "commerce", product: { name: "commerce", product_id: "CSAFPID-1674613", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce:11.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce", product: { name: "commerce", product_id: "CSAFPID-1674614", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce:11.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce", product: { name: "commerce", product_id: "CSAFPID-1674615", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce:11.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce", product: { name: "commerce", product_id: "CSAFPID-1674616", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce:11.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce_guided_search", product: { name: "commerce_guided_search", product_id: "CSAFPID-187449", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce_guided_search", product: { name: "commerce_guided_search", product_id: "CSAFPID-1673502", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce_guided_search:11.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce_platform", product: { name: "commerce_platform", product_id: "CSAFPID-764898", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce_platform", product: { name: "commerce_platform", product_id: "CSAFPID-220467", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce_platform", product: { name: "commerce_platform", product_id: "CSAFPID-221115", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "commerce_platform", product: { name: "commerce_platform", product_id: "CSAFPID-220466", product_identification_helper: { cpe: "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_commerce_guided_search", product: { name: "oracle_commerce_guided_search", product_id: "CSAFPID-1650505", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_commerce_guided_search:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_commerce_platform", product: { name: "oracle_commerce_platform", product_id: "CSAFPID-1650560", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_commerce_platform:*:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2019-10172", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, notes: [ { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], product_status: { known_affected: [ "CSAFPID-187449", "CSAFPID-220467", "CSAFPID-221115", "CSAFPID-220466", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, references: [ { category: "self", summary: "CVE-2019-10172", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-10172.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-187449", "CSAFPID-220467", "CSAFPID-221115", "CSAFPID-220466", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, ], title: "CVE-2019-10172", }, { cve: "CVE-2020-13956", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-187449", "CSAFPID-220467", "CSAFPID-221115", "CSAFPID-220466", "CSAFPID-764898", "CSAFPID-1650505", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, references: [ { category: "self", summary: "CVE-2020-13956", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13956.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-187449", "CSAFPID-220467", "CSAFPID-221115", "CSAFPID-220466", "CSAFPID-764898", "CSAFPID-1650505", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, ], title: "CVE-2020-13956", }, { cve: "CVE-2021-23358", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, notes: [ { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, ], product_status: { known_affected: [ "CSAFPID-187449", "CSAFPID-221115", "CSAFPID-220466", "CSAFPID-220467", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, references: [ { category: "self", summary: "CVE-2021-23358", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-23358.json", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-187449", "CSAFPID-221115", "CSAFPID-220466", "CSAFPID-220467", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, ], title: "CVE-2021-23358", }, { cve: "CVE-2021-28170", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-187449", "CSAFPID-220467", "CSAFPID-221115", "CSAFPID-220466", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, references: [ { category: "self", summary: "CVE-2021-28170", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-28170.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-187449", "CSAFPID-220467", "CSAFPID-221115", "CSAFPID-220466", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, ], title: "CVE-2021-28170", }, { cve: "CVE-2022-46337", product_status: { known_affected: [ "CSAFPID-187449", "CSAFPID-220466", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", "CSAFPID-220467", "CSAFPID-221115", ], }, references: [ { category: "self", summary: "CVE-2022-46337", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-46337.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-187449", "CSAFPID-220466", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", "CSAFPID-220467", "CSAFPID-221115", ], }, ], title: "CVE-2022-46337", }, { cve: "CVE-2023-2976", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, notes: [ { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, ], product_status: { known_affected: [ "CSAFPID-1650505", "CSAFPID-220466", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", "CSAFPID-220467", "CSAFPID-221115", "CSAFPID-187449", ], }, references: [ { category: "self", summary: "CVE-2023-2976", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1650505", "CSAFPID-220466", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", "CSAFPID-220467", "CSAFPID-221115", "CSAFPID-187449", ], }, ], title: "CVE-2023-2976", }, { cve: "CVE-2023-20863", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "other", text: "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')", title: "CWE-917", }, ], product_status: { known_affected: [ "CSAFPID-1650560", "CSAFPID-1650505", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", "CSAFPID-187449", "CSAFPID-220466", "CSAFPID-220467", "CSAFPID-221115", ], }, references: [ { category: "self", summary: "CVE-2023-20863", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-20863.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1650560", "CSAFPID-1650505", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", "CSAFPID-187449", "CSAFPID-220466", "CSAFPID-220467", "CSAFPID-221115", ], }, ], title: "CVE-2023-20863", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", "CSAFPID-187449", "CSAFPID-220466", "CSAFPID-220467", "CSAFPID-221115", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", "CSAFPID-187449", "CSAFPID-220466", "CSAFPID-220467", "CSAFPID-221115", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673502", "CSAFPID-187449", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673502", "CSAFPID-187449", "CSAFPID-1674613", "CSAFPID-1674614", "CSAFPID-1674615", "CSAFPID-1674616", ], }, ], title: "CVE-2024-34750", }, ], }
NCSC-2024-0411
Vulnerability from csaf_ncscnl
Notes
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in diverse Database producten en subsystemen, zoals de Core database, Application Express, Autonomous Health Framework, Essbase, GoldenGate, SQL Developer en Secure Backup.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Toegang tot gevoelige gegevens", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "general", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, { category: "general", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, { category: "general", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, { category: "general", text: "Incorrect Permission Assignment for Critical Resource", title: "CWE-732", }, { category: "general", text: "Double Free", title: "CWE-415", }, { category: "general", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, { category: "general", text: "Uncontrolled Search Path Element", title: "CWE-427", }, { category: "general", text: "Encoding Error", title: "CWE-172", }, { category: "general", text: "Integer Overflow to Buffer Overflow", title: "CWE-680", }, { category: "general", text: "Untrusted Search Path", title: "CWE-426", }, { category: "general", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, { category: "general", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Observable Discrepancy", title: "CWE-203", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "CWE-275", title: "CWE-275", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "general", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "Exposure of Resource to Wrong Sphere", title: "CWE-668", }, { category: "general", text: "Inclusion of Functionality from Untrusted Control Sphere", title: "CWE-829", }, { category: "general", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Incorrect Conversion between Numeric Types", title: "CWE-681", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Neutralization of Alternate XSS Syntax", title: "CWE-87", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, { category: "general", text: "CWE-18", title: "CWE-18", }, { category: "general", text: "Covert Timing Channel", title: "CWE-385", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Integer Coercion Error", title: "CWE-192", }, { category: "general", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "general", text: "Improperly Controlled Sequential Memory Allocation", title: "CWE-1325", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "general", text: "Improper Link Resolution Before File Access ('Link Following')", title: "CWE-59", }, { category: "general", text: "Missing Critical Step in Authentication", title: "CWE-304", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Database producten", tracking: { current_release_date: "2024-10-17T13:15:19.595269Z", id: "NCSC-2024-0411", initial_release_date: "2024-10-17T13:15:19.595269Z", revision_history: [ { date: "2024-10-17T13:15:19.595269Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "database_-_grid", product: { name: "database_-_grid", product_id: "CSAFPID-1673504", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_grid:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_grid", product: { name: "database_-_grid", product_id: "CSAFPID-1673506", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_grid:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_core", product: { name: "database_-_core", product_id: "CSAFPID-1673386", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_core:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_core", product: { name: "database_-_core", product_id: "CSAFPID-1673385", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_core:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_core", product: { name: "database_-_core", product_id: "CSAFPID-1673442", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_core:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_security", product: { name: "database_-_security", product_id: "CSAFPID-1673507", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_security:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_security", product: { name: "database_-_security", product_id: "CSAFPID-1673509", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_security:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_security", product: { name: "database_-_security", product_id: "CSAFPID-1673508", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_security:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph_mapviewer", product: { name: "spatial_and_graph_mapviewer", product_id: "CSAFPID-912561", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph_mapviewer:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-764250", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-1673511", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-1673512", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-816800", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:23.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "spatial_and_graph", product: { name: "spatial_and_graph", product_id: "CSAFPID-1673529", product_identification_helper: { cpe: "cpe:2.3:a:oracle:spatial_and_graph:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fleet_patching_and_provisioning_-_micronaut", product: { name: "fleet_patching_and_provisioning_-_micronaut", product_id: "CSAFPID-1673492", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fleet_patching_and_provisioning_-_micronaut:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fleet_patching_and_provisioning", product: { name: "fleet_patching_and_provisioning", product_id: "CSAFPID-1503603", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fleet_patching_and_provisioning:23.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_xml_database", product: { name: "database_-_xml_database", product_id: "CSAFPID-1673445", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_xml_database:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_xml_database", product: { name: "database_-_xml_database", product_id: "CSAFPID-1673443", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_xml_database:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_xml_database", product: { name: "database_-_xml_database", product_id: "CSAFPID-1673444", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_xml_database:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_java_vm", product: { name: "database_-_java_vm", product_id: "CSAFPID-1673451", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:19.3-19.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_java_vm", product: { name: "database_-_java_vm", product_id: "CSAFPID-1673450", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:21.3-21.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_java_vm", product: { name: "database_-_java_vm", product_id: "CSAFPID-1673452", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_java_vm:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-816798", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-816799", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:23.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-1673525", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:prior_to_24.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912046", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503299", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816855", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816361", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912045", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503302", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912044", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816852", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816853", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912601", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-816854", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition22.3.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sqlcl", product: { name: "sqlcl", product_id: "CSAFPID-816801", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sqlcl:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sqlcl", product: { name: "sqlcl", product_id: "CSAFPID-1673405", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sqlcl:23.4-23.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express_administration", product: { name: "application_express_administration", product_id: "CSAFPID-764731", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express_administration:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express_customers_plugin", product: { name: "application_express_customers_plugin", product_id: "CSAFPID-764732", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express_customers_plugin:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express_team_calendar_plugin", product: { name: "application_express_team_calendar_plugin", product_id: "CSAFPID-764733", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express_team_calendar_plugin:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-266119", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-1673510", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:23.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-1503575", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-1673188", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-765238", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:19c:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "autonomous_health_framework", product: { name: "autonomous_health_framework", product_id: "CSAFPID-765239", product_identification_helper: { cpe: "cpe:2.3:a:oracle:autonomous_health_framework:21c:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "blockchain_platform", product: { name: "blockchain_platform", product_id: "CSAFPID-764779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "blockchain_platform", product: { name: "blockchain_platform", product_id: "CSAFPID-89587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-765259", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:_security_and_provisioning___21.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-187448", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-94075", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-220886", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.4.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-611394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-816317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.5.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-912567", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.5.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-1503612", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.5.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "essbase", product: { name: "essbase", product_id: "CSAFPID-1673479", product_identification_helper: { cpe: "cpe:2.3:a:oracle:essbase:21.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_essbase", product: { name: "oracle_essbase", product_id: "CSAFPID-1650506", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_essbase:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-816845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1650825", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1673404", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1650831", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3-21.14.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data", product: { name: "goldengate_big_data", product_id: "CSAFPID-764274", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_stream_analytics", product: { name: "goldengate_stream_analytics", product_id: "CSAFPID-764752", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_stream_analytics", product: { name: "goldengate_stream_analytics", product_id: "CSAFPID-1673384", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0-19.1.0.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_stream_analytics", product: { name: "goldengate_stream_analytics", product_id: "CSAFPID-220192", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_stream_analytics", product: { name: "goldengate_stream_analytics", product_id: "CSAFPID-220193", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_stream_analytics:19.1.0.0.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_studio", product: { name: "goldengate_studio", product_id: "CSAFPID-816846", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_studio:12.2.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_studio", product: { name: "goldengate_studio", product_id: "CSAFPID-611390", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_studio:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_studio", product: { name: "goldengate_studio", product_id: "CSAFPID-764803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_studio:fusion_middleware_12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_veridata", product: { name: "goldengate_veridata", product_id: "CSAFPID-764275", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_veridata:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-342816", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1650767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.23.0.0.240716:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-485902", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503736", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.23.0.0.240716:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-219912", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19c:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503739", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1650765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.3-21.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503738", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_goldengate_stream_analytics", product: { name: "oracle_goldengate_stream_analytics", product_id: "CSAFPID-1650515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_goldengate_stream_analytics:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "management_pack_for__goldengate", product: { name: "management_pack_for__goldengate", product_id: "CSAFPID-764861", product_identification_helper: { cpe: "cpe:2.3:a:oracle:management_pack_for__goldengate:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "management_pack_for__goldengate", product: { name: "management_pack_for__goldengate", product_id: "CSAFPID-1503640", product_identification_helper: { cpe: "cpe:2.3:a:oracle:management_pack_for__goldengate:12.2.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_goldengate_studio", product: { name: "oracle_goldengate_studio", product_id: "CSAFPID-1650835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_goldengate_studio:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_goldengate", product: { name: "oracle_goldengate", product_id: "CSAFPID-1650575", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_goldengate:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764813", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1503661", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1503663", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673497", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:19.5.33:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:20.3.28:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673491", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:20.3.40:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764766", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:21.2.55:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673495", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:21.2.71:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-764767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:22.3.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673493", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:22.3.45:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673489", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:23.3.33:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1673488", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:24.1.17:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650757", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_19.5.42:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650758", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_20.3.40:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650761", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_21.2.27:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650760", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_22.3.46:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "nosql_database", product: { name: "nosql_database", product_id: "CSAFPID-1650759", product_identification_helper: { cpe: "cpe:2.3:a:oracle:nosql_database:prior_to_23.3.32:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_nosql_database", product: { name: "oracle_nosql_database", product_id: "CSAFPID-1650584", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_nosql_database:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_secure_backup", product: { name: "oracle_secure_backup", product_id: "CSAFPID-1650563", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_secure_backup:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-667692", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-345049", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-611417", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-1673422", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_sql_developer", product: { name: "oracle_sql_developer", product_id: "CSAFPID-1650638", product_identification_helper: { cpe: "cpe:2.3:a:oracle:oracle_sql_developer:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-764822", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-220643", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:21.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-816870", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-816871", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sql_developer", product: { name: "sql_developer", product_id: "CSAFPID-1673397", product_identification_helper: { cpe: "cpe:2.3:a:oracle:sql_developer:24.3.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, { branches: [ { category: "product_name", name: "oracle_application_express", product: { name: "oracle_application_express", product_id: "CSAFPID-1673144", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_application_express:24.1:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle_corporation", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1471", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-220886", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764822", "CSAFPID-1650515", "CSAFPID-1650638", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-89587", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", ], }, references: [ { category: "self", summary: "CVE-2022-1471", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-1471.json", }, ], title: "CVE-2022-1471", }, { cve: "CVE-2022-34169", cwe: { id: "CWE-192", name: "Integer Coercion Error", }, notes: [ { category: "other", text: "Integer Coercion Error", title: "CWE-192", }, { category: "other", text: "Incorrect Conversion between Numeric Types", title: "CWE-681", }, ], product_status: { known_affected: [ "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-342816", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-764752", "CSAFPID-764275", "CSAFPID-764861", "CSAFPID-266119", "CSAFPID-187448", "CSAFPID-219912", "CSAFPID-765238", "CSAFPID-765239", "CSAFPID-765259", "CSAFPID-667692", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-764250", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2022-34169", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-342816", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-764752", "CSAFPID-764275", "CSAFPID-764861", "CSAFPID-266119", "CSAFPID-187448", "CSAFPID-219912", "CSAFPID-765238", "CSAFPID-765239", "CSAFPID-765259", "CSAFPID-667692", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-764250", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2022-34169", }, { cve: "CVE-2022-36033", cwe: { id: "CWE-87", name: "Improper Neutralization of Alternate XSS Syntax", }, notes: [ { category: "other", text: "Improper Neutralization of Alternate XSS Syntax", title: "CWE-87", }, { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-220886", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764861", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-266119", "CSAFPID-187448", "CSAFPID-1650515", "CSAFPID-1650835", "CSAFPID-219912", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-667692", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-1503575", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-912567", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2022-36033", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36033.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-220886", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764861", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-266119", "CSAFPID-187448", "CSAFPID-1650515", "CSAFPID-1650835", "CSAFPID-219912", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-667692", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-1503575", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-912567", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2022-36033", }, { cve: "CVE-2022-37454", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Integer Overflow to Buffer Overflow", title: "CWE-680", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-1650563", "CSAFPID-89587", "CSAFPID-764861", ], }, references: [ { category: "self", summary: "CVE-2022-37454", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-37454.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-1650563", "CSAFPID-89587", "CSAFPID-764861", ], }, ], title: "CVE-2022-37454", }, { cve: "CVE-2022-38136", product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2022-38136", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-38136.json", }, ], title: "CVE-2022-38136", }, { cve: "CVE-2022-40196", product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2022-40196", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40196.json", }, ], title: "CVE-2022-40196", }, { cve: "CVE-2022-41342", product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2022-41342", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41342.json", }, ], title: "CVE-2022-41342", }, { cve: "CVE-2022-42919", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "other", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, { category: "other", text: "Improper Privilege Management", title: "CWE-269", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2022-42919", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42919.json", }, ], title: "CVE-2022-42919", }, { cve: "CVE-2022-45061", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2022-45061", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-45061.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-342816", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764779", "CSAFPID-94075", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-611390", "CSAFPID-764803", "CSAFPID-764813", "CSAFPID-764822", "CSAFPID-89587", ], }, ], title: "CVE-2022-45061", }, { cve: "CVE-2022-46337", product_status: { known_affected: [ "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-764752", "CSAFPID-764275", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-764250", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-342816", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-816361", "CSAFPID-764813", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", ], }, references: [ { category: "self", summary: "CVE-2022-46337", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-46337.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-1673384", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-764752", "CSAFPID-764275", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912046", "CSAFPID-912045", "CSAFPID-912044", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-764250", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-342816", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-816361", "CSAFPID-764813", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", ], }, ], title: "CVE-2022-46337", }, { cve: "CVE-2023-2976", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, notes: [ { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, ], product_status: { known_affected: [ "CSAFPID-1650584", "CSAFPID-1650835", "CSAFPID-1650506", "CSAFPID-1650515", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-342816", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-764813", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-89587", "CSAFPID-1673397", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-345049", "CSAFPID-816801", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-611417", "CSAFPID-764250", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-2976", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1650584", "CSAFPID-1650835", "CSAFPID-1650506", "CSAFPID-1650515", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-342816", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816361", "CSAFPID-764813", "CSAFPID-220643", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-89587", "CSAFPID-1673397", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-345049", "CSAFPID-816801", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-611417", "CSAFPID-764250", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-2976", }, { cve: "CVE-2023-4043", cwe: { id: "CWE-834", name: "Excessive Iteration", }, notes: [ { category: "other", text: "Excessive Iteration", title: "CWE-834", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673405", "CSAFPID-1673397", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-4043", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4043.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673405", "CSAFPID-1673397", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-4043", }, { cve: "CVE-2023-4759", cwe: { id: "CWE-59", name: "Improper Link Resolution Before File Access ('Link Following')", }, notes: [ { category: "other", text: "Improper Link Resolution Before File Access ('Link Following')", title: "CWE-59", }, { category: "other", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, ], product_status: { known_affected: [ "CSAFPID-1673397", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-4759", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4759.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673397", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-4759", }, { cve: "CVE-2023-4863", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-342816", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", ], }, references: [ { category: "self", summary: "CVE-2023-4863", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4863.json", }, ], title: "CVE-2023-4863", }, { cve: "CVE-2023-5072", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1650575", "CSAFPID-1650515", "CSAFPID-1650835", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-5072", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5072.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1650575", "CSAFPID-1650515", "CSAFPID-1650835", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-5072", }, { cve: "CVE-2023-26031", cwe: { id: "CWE-426", name: "Untrusted Search Path", }, notes: [ { category: "other", text: "Untrusted Search Path", title: "CWE-426", }, ], product_status: { known_affected: [ "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-26031", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26031.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-26031", }, { cve: "CVE-2023-26551", product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26551", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26551.json", }, ], scores: [ { cvss_v3: { baseScore: 0, baseSeverity: "NONE", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26551", }, { cve: "CVE-2023-26552", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26552", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26552.json", }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26552", }, { cve: "CVE-2023-26553", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26553", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26553.json", }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26553", }, { cve: "CVE-2023-26554", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26554.json", }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26554", }, { cve: "CVE-2023-26555", product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-26555", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26555.json", }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-26555", }, { cve: "CVE-2023-28484", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-816317", "CSAFPID-764813", "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-345049", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-611417", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-667692", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, references: [ { category: "self", summary: "CVE-2023-28484", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28484.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-764250", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-220886", "CSAFPID-816317", "CSAFPID-764813", "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-345049", "CSAFPID-764752", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-611417", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-667692", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, ], title: "CVE-2023-28484", }, { cve: "CVE-2023-29469", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Double Free", title: "CWE-415", }, ], product_status: { known_affected: [ "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-816317", "CSAFPID-89587", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-345049", "CSAFPID-764752", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-667692", "CSAFPID-764813", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764250", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, references: [ { category: "self", summary: "CVE-2023-29469", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29469.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-611417", "CSAFPID-764731", "CSAFPID-764732", "CSAFPID-764733", "CSAFPID-816317", "CSAFPID-89587", "CSAFPID-220886", "CSAFPID-342816", "CSAFPID-345049", "CSAFPID-764752", "CSAFPID-611390", "CSAFPID-611394", "CSAFPID-764764", "CSAFPID-764765", "CSAFPID-764766", "CSAFPID-764767", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-667692", "CSAFPID-764813", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764250", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, ], title: "CVE-2023-29469", }, { cve: "CVE-2023-33201", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-1650584", "CSAFPID-1673397", "CSAFPID-912561", "CSAFPID-345049", "CSAFPID-611390", "CSAFPID-611417", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-33201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-764250", "CSAFPID-611394", "CSAFPID-1650584", "CSAFPID-1673397", "CSAFPID-912561", "CSAFPID-345049", "CSAFPID-611390", "CSAFPID-611417", "CSAFPID-764274", "CSAFPID-764275", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-33201", }, { cve: "CVE-2023-37920", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", ], }, references: [ { category: "self", summary: "CVE-2023-37920", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", ], }, ], title: "CVE-2023-37920", }, { cve: "CVE-2023-39410", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673404", "CSAFPID-1673384", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, references: [ { category: "self", summary: "CVE-2023-39410", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39410.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673404", "CSAFPID-1673384", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", ], }, ], title: "CVE-2023-39410", }, { cve: "CVE-2023-44487", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1650757", "CSAFPID-1650758", "CSAFPID-1650759", "CSAFPID-1650760", "CSAFPID-1650761", "CSAFPID-89587", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503603", "CSAFPID-1503575", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-44487", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1650757", "CSAFPID-1650758", "CSAFPID-1650759", "CSAFPID-1650760", "CSAFPID-1650761", "CSAFPID-89587", "CSAFPID-816361", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503603", "CSAFPID-1503575", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-44487", }, { cve: "CVE-2023-44981", cwe: { id: "CWE-639", name: "Authorization Bypass Through User-Controlled Key", }, notes: [ { category: "other", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, ], product_status: { known_affected: [ "CSAFPID-1650515", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", ], }, references: [ { category: "self", summary: "CVE-2023-44981", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44981.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1650515", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", ], }, ], title: "CVE-2023-44981", }, { cve: "CVE-2023-45288", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-45288", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45288.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-45288", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-1650765", "CSAFPID-1650757", "CSAFPID-1650758", "CSAFPID-1650767", "CSAFPID-1650759", "CSAFPID-1650760", "CSAFPID-1650761", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503575", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1650765", "CSAFPID-1650757", "CSAFPID-1650758", "CSAFPID-1650767", "CSAFPID-1650759", "CSAFPID-1650760", "CSAFPID-1650761", "CSAFPID-89587", "CSAFPID-220643", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-764250", "CSAFPID-764813", "CSAFPID-816317", "CSAFPID-816361", "CSAFPID-816798", "CSAFPID-816799", "CSAFPID-816800", "CSAFPID-816801", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-816852", "CSAFPID-816853", "CSAFPID-816854", "CSAFPID-816855", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-816870", "CSAFPID-816871", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-1503603", "CSAFPID-1503612", "CSAFPID-1503575", "CSAFPID-1503640", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-49083", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-49083", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49083.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-49083", }, { cve: "CVE-2023-51384", cwe: { id: "CWE-304", name: "Missing Critical Step in Authentication", }, notes: [ { category: "other", text: "Missing Critical Step in Authentication", title: "CWE-304", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-51384", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51384.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-51384", }, { cve: "CVE-2023-51385", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2023-51385", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51385.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2023-51385", }, { cve: "CVE-2023-52425", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-52425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-52425", }, { cve: "CVE-2023-52426", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, notes: [ { category: "other", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2023-52426", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52426.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2023-52426", }, { cve: "CVE-2024-1874", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-1874", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1874.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-1874", }, { cve: "CVE-2024-2408", cwe: { id: "CWE-203", name: "Observable Discrepancy", }, notes: [ { category: "other", text: "Observable Discrepancy", title: "CWE-203", }, { category: "other", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "other", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "other", text: "Covert Timing Channel", title: "CWE-385", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-2408", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2408.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-2408", }, { cve: "CVE-2024-2511", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improperly Controlled Sequential Memory Allocation", title: "CWE-1325", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-2511", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2511.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-2511", }, { cve: "CVE-2024-4577", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-4577", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4577.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-4577", }, { cve: "CVE-2024-4603", cwe: { id: "CWE-606", name: "Unchecked Input for Loop Condition", }, notes: [ { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-4603", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4603.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-4603", }, { cve: "CVE-2024-4741", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-4741", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4741.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-4741", }, { cve: "CVE-2024-5458", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-5458", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5458.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-5458", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, ], product_status: { known_affected: [ "CSAFPID-1673508", "CSAFPID-1673525", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673508", "CSAFPID-1673525", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-5585", cwe: { id: "CWE-116", name: "Improper Encoding or Escaping of Output", }, notes: [ { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-5585", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5585.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-5585", }, { cve: "CVE-2024-6119", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "other", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, ], product_status: { known_affected: [ "CSAFPID-1673508", "CSAFPID-1673525", ], }, references: [ { category: "self", summary: "CVE-2024-6119", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6119.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673508", "CSAFPID-1673525", ], }, ], title: "CVE-2024-6119", }, { cve: "CVE-2024-6232", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, ], references: [ { category: "self", summary: "CVE-2024-6232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json", }, ], title: "CVE-2024-6232", }, { cve: "CVE-2024-7264", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673529", "CSAFPID-1673479", "CSAFPID-1673511", "CSAFPID-1673512", ], }, references: [ { category: "self", summary: "CVE-2024-7264", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7264.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673529", "CSAFPID-1673479", "CSAFPID-1673511", "CSAFPID-1673512", ], }, ], title: "CVE-2024-7264", }, { cve: "CVE-2024-7592", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2024-7592", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json", }, ], title: "CVE-2024-7592", }, { cve: "CVE-2024-21131", product_status: { known_affected: [ "CSAFPID-1503299", "CSAFPID-1503306", "CSAFPID-1503302", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21131", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21131.json", }, ], title: "CVE-2024-21131", }, { cve: "CVE-2024-21138", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21138", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21138.json", }, ], title: "CVE-2024-21138", }, { cve: "CVE-2024-21140", product_status: { known_affected: [ "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503299", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21140", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21140.json", }, ], title: "CVE-2024-21140", }, { cve: "CVE-2024-21144", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21144", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21144.json", }, ], title: "CVE-2024-21144", }, { cve: "CVE-2024-21145", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1503299", "CSAFPID-1503306", "CSAFPID-1503302", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21145", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21145.json", }, ], title: "CVE-2024-21145", }, { cve: "CVE-2024-21147", product_status: { known_affected: [ "CSAFPID-1503306", "CSAFPID-1503302", "CSAFPID-1503299", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-21147", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21147.json", }, ], title: "CVE-2024-21147", }, { cve: "CVE-2024-21233", product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-21233", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21233.json", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-21233", }, { cve: "CVE-2024-21242", product_status: { known_affected: [ "CSAFPID-1673443", "CSAFPID-1673444", "CSAFPID-1673445", ], }, references: [ { category: "self", summary: "CVE-2024-21242", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21242.json", }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-1673443", "CSAFPID-1673444", "CSAFPID-1673445", ], }, ], title: "CVE-2024-21242", }, { cve: "CVE-2024-21251", product_status: { known_affected: [ "CSAFPID-1673450", "CSAFPID-1673451", "CSAFPID-1673452", ], }, references: [ { category: "self", summary: "CVE-2024-21251", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21251.json", }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673450", "CSAFPID-1673451", "CSAFPID-1673452", ], }, ], title: "CVE-2024-21251", }, { cve: "CVE-2024-21261", product_status: { known_affected: [ "CSAFPID-1673144", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-21261", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21261.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673144", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-21261", }, { cve: "CVE-2024-22018", cwe: { id: "CWE-275", name: "-", }, notes: [ { category: "other", text: "CWE-275", title: "CWE-275", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-22018", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22018.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-22018", }, { cve: "CVE-2024-22020", product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-22020", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22020.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-22020", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673384", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-22201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673384", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-22201", }, { cve: "CVE-2024-23807", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1650831", "CSAFPID-1650825", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-23807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650831", "CSAFPID-1650825", "CSAFPID-1673479", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-23807", }, { cve: "CVE-2024-23944", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-23944", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23944.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-23944", }, { cve: "CVE-2024-24989", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-24989", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24989.json", }, ], title: "CVE-2024-24989", }, { cve: "CVE-2024-24990", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-24990", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24990.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-24990", }, { cve: "CVE-2024-25710", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1673384", "CSAFPID-816871", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-342816", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-912046", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-25710", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1673384", "CSAFPID-816871", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-342816", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-912046", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-25710", }, { cve: "CVE-2024-26130", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-26130", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816798", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-26130", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1673384", "CSAFPID-816871", "CSAFPID-816798", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1673384", "CSAFPID-816871", "CSAFPID-816798", "CSAFPID-342816", "CSAFPID-764275", "CSAFPID-764752", "CSAFPID-816801", "CSAFPID-816846", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912561", "CSAFPID-912567", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-816845", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-27983", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-27983", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27983.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-27983", }, { cve: "CVE-2024-28182", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1673442", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-28182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673442", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-28182", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-28849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-89587", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-28849", }, { cve: "CVE-2024-28887", cwe: { id: "CWE-427", name: "Uncontrolled Search Path Element", }, notes: [ { category: "other", text: "Uncontrolled Search Path Element", title: "CWE-427", }, ], product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-28887", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28887.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-28887", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1673488", "CSAFPID-1673489", "CSAFPID-1673491", "CSAFPID-1673492", "CSAFPID-1673493", "CSAFPID-1673495", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673488", "CSAFPID-1673489", "CSAFPID-1673491", "CSAFPID-1673492", "CSAFPID-1673493", "CSAFPID-1673495", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29131", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1673497", "CSAFPID-1673397", "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-29131", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673497", "CSAFPID-1673397", "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-29131", }, { cve: "CVE-2024-29133", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1673497", "CSAFPID-1673397", "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, references: [ { category: "self", summary: "CVE-2024-29133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673497", "CSAFPID-1673397", "CSAFPID-1673384", "CSAFPID-1503575", "CSAFPID-1503603", "CSAFPID-764250", "CSAFPID-1503612", "CSAFPID-1503640", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-816846", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503661", "CSAFPID-1503663", "CSAFPID-764813", ], }, ], title: "CVE-2024-29133", }, { cve: "CVE-2024-31079", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-31079", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31079.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-31079", }, { cve: "CVE-2024-32760", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-32760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32760.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-32760", }, { cve: "CVE-2024-34161", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-34161", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34161.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-34161", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673504", "CSAFPID-1673506", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673504", "CSAFPID-1673506", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-35200", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-35200", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35200.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-35200", }, { cve: "CVE-2024-36137", cwe: { id: "CWE-275", name: "-", }, notes: [ { category: "other", text: "CWE-275", title: "CWE-275", }, { category: "other", text: "Incorrect Permission Assignment for Critical Resource", title: "CWE-732", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-36137", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36137.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-36137", }, { cve: "CVE-2024-36138", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, ], product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-36138", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36138.json", }, ], title: "CVE-2024-36138", }, { cve: "CVE-2024-36387", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-36387", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36387.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-36387", }, { cve: "CVE-2024-37370", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-1673507", "CSAFPID-1673508", "CSAFPID-1673509", ], }, references: [ { category: "self", summary: "CVE-2024-37370", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673507", "CSAFPID-1673508", "CSAFPID-1673509", ], }, ], title: "CVE-2024-37370", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-1673507", "CSAFPID-1673508", "CSAFPID-1673509", ], }, references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673507", "CSAFPID-1673508", "CSAFPID-1673509", ], }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-37372", product_status: { known_affected: [ "CSAFPID-89587", ], }, references: [ { category: "self", summary: "CVE-2024-37372", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37372.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-89587", ], }, ], title: "CVE-2024-37372", }, { cve: "CVE-2024-38356", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1673510", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-38356", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38356.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673510", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-38356", }, { cve: "CVE-2024-38357", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1673510", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-38357", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38357.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673510", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-38357", }, { cve: "CVE-2024-38472", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38472", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38472.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38472", }, { cve: "CVE-2024-38473", cwe: { id: "CWE-172", name: "Encoding Error", }, notes: [ { category: "other", text: "Encoding Error", title: "CWE-172", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38473", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38473.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38473", }, { cve: "CVE-2024-38474", cwe: { id: "CWE-172", name: "Encoding Error", }, notes: [ { category: "other", text: "Encoding Error", title: "CWE-172", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38474", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38474.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38474", }, { cve: "CVE-2024-38475", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38475", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38475.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38475", }, { cve: "CVE-2024-38476", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Inclusion of Functionality from Untrusted Control Sphere", title: "CWE-829", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38476", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38476.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38476", }, { cve: "CVE-2024-38477", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-38477", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38477.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-38477", }, { cve: "CVE-2024-38998", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1673511", "CSAFPID-1673512", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-38998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673511", "CSAFPID-1673512", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-38998", }, { cve: "CVE-2024-38999", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1673511", "CSAFPID-1673512", "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-38999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673511", "CSAFPID-1673512", "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-38999", }, { cve: "CVE-2024-39573", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-39573", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39573.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-39573", }, { cve: "CVE-2024-39884", cwe: { id: "CWE-18", name: "-", }, notes: [ { category: "other", text: "CWE-18", title: "CWE-18", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-39884", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39884.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-39884", }, { cve: "CVE-2024-40725", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Exposure of Resource to Wrong Sphere", title: "CWE-668", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", ], }, references: [ { category: "self", summary: "CVE-2024-40725", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40725.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", ], }, ], title: "CVE-2024-40725", }, { cve: "CVE-2024-40898", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", ], }, references: [ { category: "self", summary: "CVE-2024-40898", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-345049", "CSAFPID-611417", "CSAFPID-1673479", ], }, ], title: "CVE-2024-40898", }, { cve: "CVE-2024-45490", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, ], product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-45490", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-45490", }, { cve: "CVE-2024-45491", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-45491", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-45491", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673385", "CSAFPID-1673442", "CSAFPID-1673386", ], }, ], title: "CVE-2024-45492", }, { cve: "CVE-2024-45801", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2024-45801", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45801.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2024-45801", }, ], }
NCSC-2024-0466
Vulnerability from csaf_ncscnl
Notes
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Atlassian heeft kwetsbaarheden verholpen in diverse producten als Jira, Bamboo en Confluence.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden bevinden zich in verschillende third party componenten van ontwikkelaars zoals Oracle, RedHat en het Apache consortium. Deze kwetsbaarheden kunnen leiden tot geheugenuitputting en Denial-of-Service (DoS) door onjuiste invoerbeperkingen. Aanvallers kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen, wat kan resulteren in systeeminstabiliteit en crashes.\nVoor de kwetsbaarheden zijn door de diverse ontwikkelaars updates uitgebracht om ze te verhelpen. Atlassian heeft de updates verwerkt in de eigen producten.", title: "Interpretaties", }, { category: "description", text: "Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, { category: "general", text: "Excessive Platform Resource Consumption within a Loop", title: "CWE-1050", }, { category: "general", text: "Relative Path Traversal", title: "CWE-23", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "general", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - certbundde", url: "https://confluence.atlassian.com/security/security-bulletin-november-19-2024-1456179091.html", }, ], title: "Kwetsbaarheden verholpen in Atlassian producten", tracking: { current_release_date: "2024-12-06T13:05:55.904619Z", id: "NCSC-2024-0466", initial_release_date: "2024-12-06T13:05:55.904619Z", revision_history: [ { date: "2024-12-06T13:05:55.904619Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "atlassian_bamboo__10.0.0", product: { name: "atlassian_bamboo__10.0.0", product_id: "CSAFPID-1645374", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bamboo__10.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bamboo__9.2.17", product: { name: "atlassian_bamboo__9.2.17", product_id: "CSAFPID-1621163", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bamboo__9.2.17:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bamboo__9.6.4", product: { name: "atlassian_bamboo__9.6.4", product_id: "CSAFPID-1645371", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bamboo__9.6.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bitbucket__8.19.9", product: { name: "atlassian_bitbucket__8.19.9", product_id: "CSAFPID-1645370", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bitbucket__8.19.9:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bitbucket__8.9.19", product: { name: "atlassian_bitbucket__8.9.19", product_id: "CSAFPID-1645373", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bitbucket__8.9.19:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_bitbucket__9.0.0", product: { name: "atlassian_bitbucket__9.0.0", product_id: "CSAFPID-1645372", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_bitbucket__9.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__7.19.26", product: { name: "atlassian_confluence__7.19.26", product_id: "CSAFPID-1621160", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__7.19.26:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__7.19.26__lts_", product: { name: "atlassian_confluence__7.19.26__lts_", product_id: "CSAFPID-1621135", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__7.19.26__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__8.5.12", product: { name: "atlassian_confluence__8.5.12", product_id: "CSAFPID-1645510", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__8.5.12:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__8.5.14__lts_", product: { name: "atlassian_confluence__8.5.14__lts_", product_id: "CSAFPID-1621133", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__8.5.14__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__8.9.4", product: { name: "atlassian_confluence__8.9.4", product_id: "CSAFPID-1645509", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__8.9.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence__9.0.1", product: { name: "atlassian_confluence__9.0.1", product_id: "CSAFPID-1621161", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence__9.0.1:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_confluence_data_center__9.0.1", product: { name: "atlassian_confluence_data_center__9.0.1", product_id: "CSAFPID-1621140", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_confluence_data_center__9.0.1:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software__9.12.12__lts_", product: { name: "atlassian_jira_software__9.12.12__lts_", product_id: "CSAFPID-1621142", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software__9.12.12__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software__9.4.25__lts_", product: { name: "atlassian_jira_software__9.4.25__lts_", product_id: "CSAFPID-1621143", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software__9.4.25__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software_data_center__9.17.1", product: { name: "atlassian_jira_software_data_center__9.17.1", product_id: "CSAFPID-1621141", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software_data_center__9.17.1:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software_service_management__5.12.12__lts_", product: { name: "atlassian_jira_software_service_management__5.12.12__lts_", product_id: "CSAFPID-1621138", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.12.12__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software_service_management__5.4.25__lts_", product: { name: "atlassian_jira_software_service_management__5.4.25__lts_", product_id: "CSAFPID-1621139", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.4.25__lts_:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "atlassian_jira_software_service_management_data_center__5.17.1", product: { name: "atlassian_jira_software_service_management_data_center__5.17.1", product_id: "CSAFPID-1621137", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:atlassian_jira_software_service_management_data_center__5.17.1:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bamboo", product: { name: "bamboo", product_id: "CSAFPID-716889", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bitbucket", product: { name: "bitbucket", product_id: "CSAFPID-1725084", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:bitbucket:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "confluence", product: { name: "confluence", product_id: "CSAFPID-551338", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "jira_software", product: { name: "jira_software", product_id: "CSAFPID-1725085", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:jira_software:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sourcetree", product: { name: "sourcetree", product_id: "CSAFPID-1724900", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sourcetree", product: { name: "sourcetree", product_id: "CSAFPID-1725556", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:macos:*:*", }, }, }, { category: "product_name", name: "sourcetree", product: { name: "sourcetree", product_id: "CSAFPID-1725557", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:windows:*:*", }, }, }, { category: "product_name", name: "sourcetree_for_mac", product: { name: "sourcetree_for_mac", product_id: "CSAFPID-1724286", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree_for_mac:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "sourcetree_for_windows", product: { name: "sourcetree_for_windows", product_id: "CSAFPID-1724287", product_identification_helper: { cpe: "cpe:2.3:a:atlassian:sourcetree_for_windows:*:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "atlassian", }, ], }, vulnerabilities: [ { cve: "CVE-2022-38900", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-551338", ], }, references: [ { category: "self", summary: "CVE-2022-38900", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-38900.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-551338", ], }, ], title: "CVE-2022-38900", }, { cve: "CVE-2023-46234", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, notes: [ { category: "other", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, ], product_status: { known_affected: [ "CSAFPID-551338", ], }, references: [ { category: "self", summary: "CVE-2023-46234", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46234.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-551338", ], }, ], title: "CVE-2023-46234", }, { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-551338", "CSAFPID-1725085", "CSAFPID-716889", ], }, references: [ { category: "self", summary: "CVE-2023-52428", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-551338", "CSAFPID-1725085", "CSAFPID-716889", ], }, ], title: "CVE-2023-52428", }, { cve: "CVE-2024-4068", cwe: { id: "CWE-1050", name: "Excessive Platform Resource Consumption within a Loop", }, notes: [ { category: "other", text: "Excessive Platform Resource Consumption within a Loop", title: "CWE-1050", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-551338", ], }, references: [ { category: "self", summary: "CVE-2024-4068", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4068.json", }, ], title: "CVE-2024-4068", }, { cve: "CVE-2024-21697", product_status: { known_affected: [ "CSAFPID-1724286", "CSAFPID-1724287", "CSAFPID-1725556", "CSAFPID-1725557", ], }, references: [ { category: "self", summary: "CVE-2024-21697", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21697.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-1724286", "CSAFPID-1724287", "CSAFPID-1725556", "CSAFPID-1725557", ], }, ], title: "CVE-2024-21697", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1725084", "CSAFPID-551338", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1725084", "CSAFPID-551338", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-30172", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-1621160", "CSAFPID-1621161", "CSAFPID-1645509", "CSAFPID-1645510", "CSAFPID-551338", "CSAFPID-1725084", ], }, references: [ { category: "self", summary: "CVE-2024-30172", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30172.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1621160", "CSAFPID-1621161", "CSAFPID-1645509", "CSAFPID-1645510", "CSAFPID-551338", "CSAFPID-1725084", ], }, ], title: "CVE-2024-30172", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1621133", "CSAFPID-1621135", "CSAFPID-1621137", "CSAFPID-1621138", "CSAFPID-1621139", "CSAFPID-1621140", "CSAFPID-1621141", "CSAFPID-1621142", "CSAFPID-1621143", "CSAFPID-1621163", "CSAFPID-1645370", "CSAFPID-1645371", "CSAFPID-1645372", "CSAFPID-1645373", "CSAFPID-1645374", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1621133", "CSAFPID-1621135", "CSAFPID-1621137", "CSAFPID-1621138", "CSAFPID-1621139", "CSAFPID-1621140", "CSAFPID-1621141", "CSAFPID-1621142", "CSAFPID-1621143", "CSAFPID-1621163", "CSAFPID-1645370", "CSAFPID-1645371", "CSAFPID-1645372", "CSAFPID-1645373", "CSAFPID-1645374", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-38286", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], references: [ { category: "self", summary: "CVE-2024-38286", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38286.json", }, ], title: "CVE-2024-38286", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Relative Path Traversal", title: "CWE-23", }, ], product_status: { known_affected: [ "CSAFPID-551338", "CSAFPID-716889", ], }, references: [ { category: "self", summary: "CVE-2024-38816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-551338", "CSAFPID-716889", ], }, ], title: "CVE-2024-38816", }, { cve: "CVE-2024-45801", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1725085", ], }, references: [ { category: "self", summary: "CVE-2024-45801", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45801.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1725085", ], }, ], title: "CVE-2024-45801", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-716889", ], }, references: [ { category: "self", summary: "CVE-2024-47561", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-716889", ], }, ], title: "CVE-2024-47561", }, ], }
ncsc-2025-0021
Vulnerability from csaf_ncscnl
Notes
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communicatieproducten, waaronder Oracle Communications Unified Assurance, Oracle Communications Cloud Native Core Network Function en Oracle Communications Order and Service Management.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om Denial of Service (DoS) aanvallen uit te voeren of om ongeautoriseerde toegang tot gevoelige gegevens te verkrijgen. Specifieke versies, zoals 24.2.0 en 24.3.0 van de Cloud Native Core Network Function, zijn bijzonder kwetsbaar. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door speciaal geprepareerde HTTP-verzoeken te sturen naar het kwetsbare systeem.", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, { category: "general", text: "Always-Incorrect Control Flow Implementation", title: "CWE-670", }, { category: "general", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, { category: "general", text: "Path Traversal: '.../...//'", title: "CWE-35", }, { category: "general", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "general", text: "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", title: "CWE-338", }, { category: "general", text: "Use of Potentially Dangerous Function", title: "CWE-676", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "general", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "general", text: "Use of Weak Hash", title: "CWE-328", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, { category: "general", text: "Insufficient Granularity of Access Control", title: "CWE-1220", }, { category: "general", text: "Insertion of Sensitive Information Into Sent Data", title: "CWE-201", }, { category: "general", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, { category: "general", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, { category: "general", text: "Expected Behavior Violation", title: "CWE-440", }, { category: "general", text: "Double Free", title: "CWE-415", }, { category: "general", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, { category: "general", text: "Improper Enforcement of Message Integrity During Transmission in a Communication Channel", title: "CWE-924", }, { category: "general", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "general", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, { category: "general", text: "Reachable Assertion", title: "CWE-617", }, { category: "general", text: "Uncontrolled Search Path Element", title: "CWE-427", }, { category: "general", text: "Use of Password Hash Instead of Password for Authentication", title: "CWE-836", }, { category: "general", text: "Integer Overflow to Buffer Overflow", title: "CWE-680", }, { category: "general", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, { category: "general", text: "Relative Path Traversal", title: "CWE-23", }, { category: "general", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Observable Discrepancy", title: "CWE-203", }, { category: "general", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, { category: "general", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "User Interface (UI) Misrepresentation of Critical Information", title: "CWE-451", }, { category: "general", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, { category: "general", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, { category: "general", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "general", text: "Unrestricted Upload of File with Dangerous Type", title: "CWE-434", }, { category: "general", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "general", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Uncaught Exception", title: "CWE-248", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Incorrect Authorization", title: "CWE-863", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Generation of Error Message Containing Sensitive Information", title: "CWE-209", }, { category: "general", text: "Incorrect Default Permissions", title: "CWE-276", }, { category: "general", text: "Authentication Bypass by Capture-replay", title: "CWE-294", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujan2025.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Communications", tracking: { current_release_date: "2025-01-22T13:30:50.189632Z", id: "NCSC-2025-0021", initial_release_date: "2025-01-22T13:30:50.189632Z", revision_history: [ { date: "2025-01-22T13:30:50.189632Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1727475", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635313", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635311", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635312", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670430", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635320", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:17.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670439", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670429", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670435", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670431", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670436", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670432", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635321", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635310", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635318", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674640", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674642", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670434", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674639", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635314", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674638", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674637", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635319", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670438", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635315", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670433", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674641", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670437", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635308", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications__10.4.0.4", product: { name: "communications__10.4.0.4", product_id: "CSAFPID-1674629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications__10.4.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.2", product: { name: "communications___23.4.2", product_id: "CSAFPID-1670442", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.3", product: { name: "communications___23.4.3", product_id: "CSAFPID-1635325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.4", product: { name: "communications___23.4.4", product_id: "CSAFPID-1635326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.5", product: { name: "communications___23.4.5", product_id: "CSAFPID-1674645", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.6", product: { name: "communications___23.4.6", product_id: "CSAFPID-1674646", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___24.2.0", product: { name: "communications___24.2.0", product_id: "CSAFPID-1674644", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___24.2.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___7.2.1.0.0", product: { name: "communications___7.2.1.0.0", product_id: "CSAFPID-1670441", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___7.2.1.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.6", product: { name: "communications___8.6.0.6", product_id: "CSAFPID-1635327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.8", product: { name: "communications___8.6.0.8", product_id: "CSAFPID-1635328", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.8:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.2", product: { name: "communications___9.0.2", product_id: "CSAFPID-1670440", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.3", product: { name: "communications___9.0.3", product_id: "CSAFPID-1635329", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.1.1.8.0", product: { name: "communications___9.1.1.8.0", product_id: "CSAFPID-1674643", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.1.1.8.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751386", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674621", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751381", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751383", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:15.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751378", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751377", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751385", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674618", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674619", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751384", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674617", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674623", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751382", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.0.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751380", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.1.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751379", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.1.0.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674620", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___12.0.6.0.0", product: { name: "communications_applications___12.0.6.0.0", product_id: "CSAFPID-1674627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___12.0.6.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___5.5.22", product: { name: "communications_applications___5.5.22", product_id: "CSAFPID-1674626", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___5.5.22:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.3", product: { name: "communications_applications___6.0.3", product_id: "CSAFPID-1674628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.4", product: { name: "communications_applications___6.0.4", product_id: "CSAFPID-1674624", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.5", product: { name: "communications_applications___6.0.5", product_id: "CSAFPID-1674625", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-816792", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-764735", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-1751255", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-1751254", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0-15.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-816793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-912557", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-764247", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-1650820", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-912556", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-1751303", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220055", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816766", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1503577", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1751300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-764237", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1650752", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1673396", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1751085", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1751079", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673526", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1751253", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816768", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816769", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-912085", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1503578", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673389", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673390", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1751090", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673421", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673420", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1751246", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816770", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816771", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-912068", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-1503579", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-816772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-912076", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-1503580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-219838", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-611387", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-816773", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912101", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1503581", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1751208", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1751209", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912539", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912540", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912541", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912542", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912543", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816346", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912077", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1503322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673415", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1751231", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912544", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816348", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-912545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816347", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-1673494", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-764240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1650751", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673395", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-912069", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1751225", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1751088", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1751089", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-94291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-816778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-614517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673392", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1503582", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1751081", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1751084", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-224795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912549", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503583", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503584", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503585", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1672767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1751241", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-90016", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912078", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816349", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1751238", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1751240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1673399", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1751239", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1751080", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1751082", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-1751229", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-1751230", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503599", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-1751292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-1751294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-224793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-1751295", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-816794", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-342793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1650777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1265", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-816350", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1261", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-1672764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1503588", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1751104", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-40293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1751242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1751237", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0-9.0.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1751097", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-611413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1751211", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912551", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912552", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1751243", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:47.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-764242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-819413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-819414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.2.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-816780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-912553", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-219803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-204622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-219909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-816351", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-1751218", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_metasolv_solution", product: { name: "communications_metasolv_solution", product_id: "CSAFPID-611595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816353", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816352", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1673414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816783", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816786", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816785", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816788", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-342803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1650778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1266", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-816354", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-204563", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-219776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-765242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-916906", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-1751247", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-1751248", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:15.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-93781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-220132", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-912079", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-224790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-221118", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-1673496", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence", product: { name: "communications_performance_intelligence", product_id: "CSAFPID-1503591", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816789", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-764738", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-816355", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503601", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816359", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816358", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816357", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-912558", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1751233", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503602", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1751234", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.1.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816797", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503592", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503593", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1672762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503594", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-342804", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-819415", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-819416", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.2.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-816791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-240600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673382", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1650731", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673530", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1751235", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.1-6.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1751296", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.4-6.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-764739", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-8984", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204510", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204569", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-219826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-912073", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503596", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503597", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503598", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1751217", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-912080", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1673481", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1751258", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-912554", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2022-41727", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2022-41727", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41727.json", }, ], title: "CVE-2022-41727", }, { cve: "CVE-2023-4408", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-4408", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4408.json", }, ], title: "CVE-2023-4408", }, { cve: "CVE-2023-5678", cwe: { id: "CWE-754", name: "Improper Check for Unusual or Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "other", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2023-5678", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json", }, ], title: "CVE-2023-5678", }, { cve: "CVE-2023-5981", cwe: { id: "CWE-203", name: "Observable Discrepancy", }, notes: [ { category: "other", text: "Observable Discrepancy", title: "CWE-203", }, ], product_status: { known_affected: [ "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1751217", "CSAFPID-1673481", ], }, references: [ { category: "self", summary: "CVE-2023-5981", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5981.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1751217", "CSAFPID-1673481", ], }, ], title: "CVE-2023-5981", }, { cve: "CVE-2023-6597", cwe: { id: "CWE-61", name: "UNIX Symbolic Link (Symlink) Following", }, notes: [ { category: "other", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1751097", ], }, references: [ { category: "self", summary: "CVE-2023-6597", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6597.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1751097", ], }, ], title: "CVE-2023-6597", }, { cve: "CVE-2023-7256", cwe: { id: "CWE-415", name: "Double Free", }, notes: [ { category: "other", text: "Double Free", title: "CWE-415", }, ], product_status: { known_affected: [ "CSAFPID-220132", "CSAFPID-1751084", "CSAFPID-912079", ], }, references: [ { category: "self", summary: "CVE-2023-7256", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7256.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220132", "CSAFPID-1751084", "CSAFPID-912079", ], }, ], title: "CVE-2023-7256", }, { cve: "CVE-2023-29407", cwe: { id: "CWE-834", name: "Excessive Iteration", }, notes: [ { category: "other", text: "Excessive Iteration", title: "CWE-834", }, ], product_status: { known_affected: [ "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2023-29407", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29407.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", ], }, ], title: "CVE-2023-29407", }, { cve: "CVE-2023-29408", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2023-29408", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29408.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2023-29408", }, { cve: "CVE-2023-40577", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1751208", "CSAFPID-1751209", ], }, references: [ { category: "self", summary: "CVE-2023-40577", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40577.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1751208", "CSAFPID-1751209", ], }, ], title: "CVE-2023-40577", }, { cve: "CVE-2023-46218", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, notes: [ { category: "other", text: "Insertion of Sensitive Information Into Sent Data", title: "CWE-201", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1751211", ], }, references: [ { category: "self", summary: "CVE-2023-46218", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46218.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1751211", ], }, ], title: "CVE-2023-46218", }, { cve: "CVE-2023-46219", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "other", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, ], product_status: { known_affected: [ "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1751211", ], }, references: [ { category: "self", summary: "CVE-2023-46219", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46219.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1751211", ], }, ], title: "CVE-2023-46219", }, { cve: "CVE-2023-46604", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-219826", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1751104", ], }, references: [ { category: "self", summary: "CVE-2023-46604", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46604.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-219826", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1751104", ], }, ], title: "CVE-2023-46604", }, { cve: "CVE-2023-50868", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-50868", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50868.json", }, ], title: "CVE-2023-50868", }, { cve: "CVE-2024-0232", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1650777", "CSAFPID-1650778", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1751218", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-0232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0232.json", }, ], title: "CVE-2024-0232", }, { cve: "CVE-2024-0397", product_status: { known_affected: [ "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2024-0397", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0397.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", ], }, ], title: "CVE-2024-0397", }, { cve: "CVE-2024-0450", cwe: { id: "CWE-450", name: "Multiple Interpretations of UI Input", }, notes: [ { category: "other", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "other", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751097", ], }, references: [ { category: "self", summary: "CVE-2024-0450", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json", }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751097", ], }, ], title: "CVE-2024-0450", }, { cve: "CVE-2024-1442", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, notes: [ { category: "other", text: "Improper Privilege Management", title: "CWE-269", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-1442", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1442.json", }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-1442", }, { cve: "CVE-2024-2961", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1672762", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1673396", "CSAFPID-1673395", "CSAFPID-1673494", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751097", "CSAFPID-1751237", ], }, references: [ { category: "self", summary: "CVE-2024-2961", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1672762", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1673396", "CSAFPID-1673395", "CSAFPID-1673494", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751097", "CSAFPID-1751237", ], }, ], title: "CVE-2024-2961", }, { cve: "CVE-2024-3596", cwe: { id: "CWE-924", name: "Improper Enforcement of Message Integrity During Transmission in a Communication Channel", }, notes: [ { category: "other", text: "Improper Enforcement of Message Integrity During Transmission in a Communication Channel", title: "CWE-924", }, { category: "other", text: "Use of Weak Hash", title: "CWE-328", }, { category: "other", text: "Authentication Bypass by Capture-replay", title: "CWE-294", }, { category: "other", text: "Use of Password Hash Instead of Password for Authentication", title: "CWE-836", }, { category: "other", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "other", text: "User Interface (UI) Misrepresentation of Critical Information", title: "CWE-451", }, { category: "other", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, ], product_status: { known_affected: [ "CSAFPID-1751090", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-1751253", ], }, references: [ { category: "self", summary: "CVE-2024-3596", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-3596.json", }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751090", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-1751253", ], }, ], title: "CVE-2024-3596", }, { cve: "CVE-2024-4030", cwe: { id: "CWE-276", name: "Incorrect Default Permissions", }, notes: [ { category: "other", text: "Incorrect Default Permissions", title: "CWE-276", }, ], product_status: { known_affected: [ "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2024-4030", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4030.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", ], }, ], title: "CVE-2024-4030", }, { cve: "CVE-2024-4032", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, notes: [ { category: "other", text: "Expected Behavior Violation", title: "CWE-440", }, ], product_status: { known_affected: [ "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2024-4032", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4032.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673530", ], }, ], title: "CVE-2024-4032", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, ], product_status: { known_affected: [ "CSAFPID-1751090", "CSAFPID-1751253", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751090", "CSAFPID-1751253", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-6119", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "other", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, ], product_status: { known_affected: [ "CSAFPID-1751209", ], }, references: [ { category: "self", summary: "CVE-2024-6119", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6119.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751209", ], }, ], title: "CVE-2024-6119", }, { cve: "CVE-2024-6162", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751303", "CSAFPID-1650820", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-6162", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751303", "CSAFPID-1650820", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-6162", }, { cve: "CVE-2024-6232", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, ], product_status: { known_affected: [ "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2024-6232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", ], }, ], title: "CVE-2024-6232", }, { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751233", "CSAFPID-1673530", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-7254", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751233", "CSAFPID-1673530", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-7254", }, { cve: "CVE-2024-7592", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-7592", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-7592", }, { cve: "CVE-2024-7885", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, ], product_status: { known_affected: [ "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1751080", "CSAFPID-1751090", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, references: [ { category: "self", summary: "CVE-2024-7885", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7885.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1751080", "CSAFPID-1751090", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, ], title: "CVE-2024-7885", }, { cve: "CVE-2024-8006", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-220132", "CSAFPID-1751084", "CSAFPID-912079", ], }, references: [ { category: "self", summary: "CVE-2024-8006", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8006.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220132", "CSAFPID-1751084", "CSAFPID-912079", ], }, ], title: "CVE-2024-8006", }, { cve: "CVE-2024-9143", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1751253", ], }, references: [ { category: "self", summary: "CVE-2024-9143", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json", }, ], title: "CVE-2024-9143", }, { cve: "CVE-2024-22195", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-22195", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22195.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751085", ], }, ], title: "CVE-2024-22195", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-24786", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24786.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-24786", }, { cve: "CVE-2024-24791", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1751208", "CSAFPID-1751209", ], }, references: [ { category: "self", summary: "CVE-2024-24791", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24791.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751208", "CSAFPID-1751209", ], }, ], title: "CVE-2024-24791", }, { cve: "CVE-2024-25638", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "other", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751229", "CSAFPID-1751230", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, references: [ { category: "self", summary: "CVE-2024-25638", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25638.json", }, ], scores: [ { cvss_v3: { baseScore: 8.9, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751229", "CSAFPID-1751230", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, ], title: "CVE-2024-25638", }, { cve: "CVE-2024-25710", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912101", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1727475", "CSAFPID-1751218", ], }, references: [ { category: "self", summary: "CVE-2024-25710", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912101", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1727475", "CSAFPID-1751218", ], }, ], title: "CVE-2024-25710", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1727475", "CSAFPID-1751218", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1727475", "CSAFPID-1751218", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-27309", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Incorrect Authorization", title: "CWE-863", }, ], product_status: { known_affected: [ "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-27309", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27309.json", }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-27309", }, { cve: "CVE-2024-28219", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "other", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "other", text: "Use of Potentially Dangerous Function", title: "CWE-676", }, { category: "other", text: "Integer Overflow to Buffer Overflow", title: "CWE-680", }, ], product_status: { known_affected: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1751085", "CSAFPID-912547", ], }, references: [ { category: "self", summary: "CVE-2024-28219", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28219.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1751085", "CSAFPID-912547", ], }, ], title: "CVE-2024-28219", }, { cve: "CVE-2024-28834", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, ], product_status: { known_affected: [ "CSAFPID-1673481", "CSAFPID-1751217", "CSAFPID-1503590", ], }, references: [ { category: "self", summary: "CVE-2024-28834", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28834.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673481", "CSAFPID-1751217", "CSAFPID-1503590", ], }, ], title: "CVE-2024-28834", }, { cve: "CVE-2024-28835", cwe: { id: "CWE-248", name: "Uncaught Exception", }, notes: [ { category: "other", text: "Uncaught Exception", title: "CWE-248", }, ], product_status: { known_affected: [ "CSAFPID-1673481", "CSAFPID-1751217", "CSAFPID-1503590", ], }, references: [ { category: "self", summary: "CVE-2024-28835", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28835.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673481", "CSAFPID-1751217", "CSAFPID-1503590", ], }, ], title: "CVE-2024-28835", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751235", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-28849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751235", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-28849", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751233", "CSAFPID-1751218", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751233", "CSAFPID-1751218", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29131", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2024-29131", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", ], }, ], title: "CVE-2024-29131", }, { cve: "CVE-2024-29133", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-29133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-29133", }, { cve: "CVE-2024-33599", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, references: [ { category: "self", summary: "CVE-2024-33599", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33599.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, ], title: "CVE-2024-33599", }, { cve: "CVE-2024-33600", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, references: [ { category: "self", summary: "CVE-2024-33600", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33600.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, ], title: "CVE-2024-33600", }, { cve: "CVE-2024-33601", cwe: { id: "CWE-703", name: "Improper Check or Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, { category: "other", text: "Reachable Assertion", title: "CWE-617", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, references: [ { category: "self", summary: "CVE-2024-33601", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33601.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, ], title: "CVE-2024-33601", }, { cve: "CVE-2024-33602", cwe: { id: "CWE-466", name: "Return of Pointer Value Outside of Expected Range", }, notes: [ { category: "other", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "other", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751237", ], }, references: [ { category: "self", summary: "CVE-2024-33602", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751237", ], }, ], title: "CVE-2024-33602", }, { cve: "CVE-2024-34064", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751238", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751239", "CSAFPID-1751082", "CSAFPID-1751240", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-1673481", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-34064", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json", }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751238", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751239", "CSAFPID-1751082", "CSAFPID-1751240", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-1673481", "CSAFPID-1751085", ], }, ], title: "CVE-2024-34064", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751242", "CSAFPID-1751243", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751242", "CSAFPID-1751243", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751085", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-35195", cwe: { id: "CWE-670", name: "Always-Incorrect Control Flow Implementation", }, notes: [ { category: "other", text: "Always-Incorrect Control Flow Implementation", title: "CWE-670", }, ], product_status: { known_affected: [ "CSAFPID-1751246", "CSAFPID-1751247", "CSAFPID-1751248", "CSAFPID-1673530", "CSAFPID-1673393", "CSAFPID-1751239", "CSAFPID-220132", "CSAFPID-1751082", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-912079", "CSAFPID-916906", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-35195", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35195.json", }, ], scores: [ { cvss_v3: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1751246", "CSAFPID-1751247", "CSAFPID-1751248", "CSAFPID-1673530", "CSAFPID-1673393", "CSAFPID-1751239", "CSAFPID-220132", "CSAFPID-1751082", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-912079", "CSAFPID-916906", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-35195", }, { cve: "CVE-2024-37370", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1751237", "CSAFPID-1751254", "CSAFPID-1751217", "CSAFPID-1673481", "CSAFPID-1751255", ], }, references: [ { category: "self", summary: "CVE-2024-37370", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1751237", "CSAFPID-1751254", "CSAFPID-1751217", "CSAFPID-1673481", "CSAFPID-1751255", ], }, ], title: "CVE-2024-37370", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751237", "CSAFPID-1751254", "CSAFPID-1751217", "CSAFPID-1673481", "CSAFPID-1751255", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751237", "CSAFPID-1751254", "CSAFPID-1751217", "CSAFPID-1673481", "CSAFPID-1751255", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-37891", cwe: { id: "CWE-669", name: "Incorrect Resource Transfer Between Spheres", }, notes: [ { category: "other", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751254", "CSAFPID-1673530", "CSAFPID-1751217", "CSAFPID-1751255", "CSAFPID-816790", "CSAFPID-1751258", "CSAFPID-1673481", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-37891", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751254", "CSAFPID-1673530", "CSAFPID-1751217", "CSAFPID-1751255", "CSAFPID-816790", "CSAFPID-1751258", "CSAFPID-1673481", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-37891", }, { cve: "CVE-2024-38475", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "other", text: "Path Traversal: '.../...//'", title: "CWE-35", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "other", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "other", text: "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", title: "CWE-338", }, ], references: [ { category: "self", summary: "CVE-2024-38475", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38475.json", }, ], title: "CVE-2024-38475", }, { cve: "CVE-2024-38807", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, notes: [ { category: "other", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, ], product_status: { known_affected: [ "CSAFPID-1751090", "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-38807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38807.json", }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1751090", "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-38807", }, { cve: "CVE-2024-38809", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673393", ], }, references: [ { category: "self", summary: "CVE-2024-38809", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38809.json", }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-1673393", ], }, ], title: "CVE-2024-38809", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Relative Path Traversal", title: "CWE-23", }, ], product_status: { known_affected: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751079", "CSAFPID-1751080", "CSAFPID-1751084", "CSAFPID-1751085", "CSAFPID-1751082", "CSAFPID-1751225", ], }, references: [ { category: "self", summary: "CVE-2024-38816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751079", "CSAFPID-1751080", "CSAFPID-1751084", "CSAFPID-1751085", "CSAFPID-1751082", "CSAFPID-1751225", ], }, ], title: "CVE-2024-38816", }, { cve: "CVE-2024-38819", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1673393", "CSAFPID-1751079", "CSAFPID-1751080", "CSAFPID-1751081", "CSAFPID-1751082", "CSAFPID-1751084", "CSAFPID-1751085", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751241", ], }, references: [ { category: "self", summary: "CVE-2024-38819", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673393", "CSAFPID-1751079", "CSAFPID-1751080", "CSAFPID-1751081", "CSAFPID-1751082", "CSAFPID-1751084", "CSAFPID-1751085", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751241", ], }, ], title: "CVE-2024-38819", }, { cve: "CVE-2024-38820", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, ], product_status: { known_affected: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751080", "CSAFPID-1751082", "CSAFPID-1751085", "CSAFPID-1672767", "CSAFPID-1751241", ], }, references: [ { category: "self", summary: "CVE-2024-38820", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751080", "CSAFPID-1751082", "CSAFPID-1751085", "CSAFPID-1672767", "CSAFPID-1751241", ], }, ], title: "CVE-2024-38820", }, { cve: "CVE-2024-38827", cwe: { id: "CWE-639", name: "Authorization Bypass Through User-Controlled Key", }, notes: [ { category: "other", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, ], product_status: { known_affected: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-38827", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38827.json", }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-38827", }, { cve: "CVE-2024-38998", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1751225", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-912073", "CSAFPID-1751254", "CSAFPID-1751079", "CSAFPID-1751242", "CSAFPID-1751234", "CSAFPID-1673496", "CSAFPID-1751233", "CSAFPID-1751255", "CSAFPID-1673481", "CSAFPID-1751085", "CSAFPID-220132", "CSAFPID-912079", ], }, references: [ { category: "self", summary: "CVE-2024-38998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751225", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-912073", "CSAFPID-1751254", "CSAFPID-1751079", "CSAFPID-1751242", "CSAFPID-1751234", "CSAFPID-1673496", "CSAFPID-1751233", "CSAFPID-1751255", "CSAFPID-1673481", "CSAFPID-1751085", "CSAFPID-220132", "CSAFPID-912079", ], }, ], title: "CVE-2024-38998", }, { cve: "CVE-2024-38999", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1751225", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-912073", "CSAFPID-1751254", "CSAFPID-1751079", "CSAFPID-1751242", "CSAFPID-1751234", "CSAFPID-1673496", "CSAFPID-1751233", "CSAFPID-1751255", "CSAFPID-1673481", "CSAFPID-1751085", "CSAFPID-220132", "CSAFPID-912079", ], }, references: [ { category: "self", summary: "CVE-2024-38999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751225", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-912073", "CSAFPID-1751254", "CSAFPID-1751079", "CSAFPID-1751242", "CSAFPID-1751234", "CSAFPID-1673496", "CSAFPID-1751233", "CSAFPID-1751255", "CSAFPID-1673481", "CSAFPID-1751085", "CSAFPID-220132", "CSAFPID-912079", ], }, ], title: "CVE-2024-38999", }, { cve: "CVE-2024-41817", cwe: { id: "CWE-427", name: "Uncontrolled Search Path Element", }, notes: [ { category: "other", text: "Uncontrolled Search Path Element", title: "CWE-427", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220132", "CSAFPID-912079", ], }, references: [ { category: "self", summary: "CVE-2024-41817", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41817.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220132", "CSAFPID-912079", ], }, ], title: "CVE-2024-41817", }, { cve: "CVE-2024-45490", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1673414", "CSAFPID-1503590", ], }, references: [ { category: "self", summary: "CVE-2024-45490", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1673414", "CSAFPID-1503590", ], }, ], title: "CVE-2024-45490", }, { cve: "CVE-2024-45491", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1673414", "CSAFPID-1503590", ], }, references: [ { category: "self", summary: "CVE-2024-45491", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1673414", "CSAFPID-1503590", ], }, ], title: "CVE-2024-45491", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1673414", "CSAFPID-1503590", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1673414", "CSAFPID-1503590", ], }, ], title: "CVE-2024-45492", }, { cve: "CVE-2024-47535", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-47535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47535.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-47535", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1751292", "CSAFPID-1751234", "CSAFPID-1751294", "CSAFPID-1751233", "CSAFPID-1751295", "CSAFPID-1751296", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-47554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751292", "CSAFPID-1751234", "CSAFPID-1751294", "CSAFPID-1751233", "CSAFPID-1751295", "CSAFPID-1751296", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-47554", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-1751296", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-47561", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751296", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-47561", }, { cve: "CVE-2024-47803", cwe: { id: "CWE-209", name: "Generation of Error Message Containing Sensitive Information", }, notes: [ { category: "other", text: "Generation of Error Message Containing Sensitive Information", title: "CWE-209", }, ], product_status: { known_affected: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751300", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-47803", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47803.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751300", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", ], }, ], title: "CVE-2024-47803", }, { cve: "CVE-2024-47804", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, notes: [ { category: "other", text: "Incorrect Authorization", title: "CWE-863", }, { category: "other", text: "Insufficient Granularity of Access Control", title: "CWE-1220", }, { category: "other", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, ], product_status: { known_affected: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1672767", "CSAFPID-1751300", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-47804", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47804.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1672767", "CSAFPID-1751300", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", ], }, ], title: "CVE-2024-47804", }, { cve: "CVE-2024-49766", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1751208", "CSAFPID-1751246", "CSAFPID-1751209", ], }, references: [ { category: "self", summary: "CVE-2024-49766", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49766.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751208", "CSAFPID-1751246", "CSAFPID-1751209", ], }, ], title: "CVE-2024-49766", }, { cve: "CVE-2024-49767", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1751208", "CSAFPID-1751080", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751082", "CSAFPID-1751300", "CSAFPID-1751246", "CSAFPID-1751209", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, references: [ { category: "self", summary: "CVE-2024-49767", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49767.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751208", "CSAFPID-1751080", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751082", "CSAFPID-1751300", "CSAFPID-1751246", "CSAFPID-1751209", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, ], title: "CVE-2024-49767", }, { cve: "CVE-2024-50379", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, ], product_status: { known_affected: [ "CSAFPID-816790", ], }, references: [ { category: "self", summary: "CVE-2024-50379", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50379.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816790", ], }, ], title: "CVE-2024-50379", }, { cve: "CVE-2024-50602", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, ], product_status: { known_affected: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751082", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-50602", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50602.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751082", "CSAFPID-1751085", ], }, ], title: "CVE-2024-50602", }, { cve: "CVE-2024-53677", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Unrestricted Upload of File with Dangerous Type", title: "CWE-434", }, { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, ], product_status: { known_affected: [ "CSAFPID-816790", ], }, references: [ { category: "self", summary: "CVE-2024-53677", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-53677.json", }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816790", ], }, ], title: "CVE-2024-53677", }, { cve: "CVE-2024-54677", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816790", ], }, references: [ { category: "self", summary: "CVE-2024-54677", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54677.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816790", ], }, ], title: "CVE-2024-54677", }, { cve: "CVE-2024-56337", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, ], product_status: { known_affected: [ "CSAFPID-816790", ], }, references: [ { category: "self", summary: "CVE-2024-56337", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816790", ], }, ], title: "CVE-2024-56337", }, { cve: "CVE-2025-21542", product_status: { known_affected: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2025-21542", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21542.json", }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2025-21542", }, { cve: "CVE-2025-21544", product_status: { known_affected: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2025-21544", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21544.json", }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2025-21544", }, { cve: "CVE-2025-21554", product_status: { known_affected: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2025-21554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21554.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2025-21554", }, ], }
wid-sec-w-2024-1522
Vulnerability from csaf_certbund
Notes
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Apache Tomcat ist ein Web-Applikationsserver für verschiedene Plattformen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Tomcat ausnutzen, um einen Denial of Service Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1522 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1522.json", }, { category: "self", summary: "WID-SEC-2024-1522 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1522", }, { category: "external", summary: "Red Hat Bugtracker vom 2024-07-03", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295651", }, { category: "external", summary: "NIST Vulnerability Database vom 2024-07-03", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { category: "external", summary: "RedHat Customer Portal vom 2024-07-03", url: "https://access.redhat.com/security/cve/CVE-2024-34750", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:2413-1 vom 2024-07-11", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018931.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:2485-1 vom 2024-07-15", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018972.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:2539-1 vom 2024-07-17", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018993.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4977 vom 2024-08-06", url: "https://access.redhat.com/errata/RHSA-2024:4977", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4976 vom 2024-08-06", url: "https://access.redhat.com/errata/RHSA-2024:4976", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5025 vom 2024-08-06", url: "https://access.redhat.com/errata/RHSA-2024:5025", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5024 vom 2024-08-06", url: "https://access.redhat.com/errata/RHSA-2024:5024", }, { category: "external", summary: "Amazon Linux Security Advisory ALASTOMCAT8.5-2024-020 vom 2024-08-13", url: "https://alas.aws.amazon.com/AL2/ALASTOMCAT8.5-2024-020.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALASTOMCAT9-2024-014 vom 2024-08-13", url: "https://alas.aws.amazon.com/AL2/ALASTOMCAT9-2024-014.html", }, { category: "external", summary: "Atlassian Security Advisory JSDSERVER-15504 vom 2024-08-20", url: "https://jira.atlassian.com/browse/JSDSERVER-15504", }, { category: "external", summary: "Atlassian Security Advisory CONFSERVER-97657 vom 2024-08-20", url: "https://jira.atlassian.com/browse/CONFSERVER-97657", }, { category: "external", summary: "Atlassian Security Advisory JSWSERVER-26047 vom 2024-08-20", url: "https://jira.atlassian.com/browse/JSWSERVER-26047", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5693 vom 2024-08-21", url: "https://access.redhat.com/errata/RHSA-2024:5693", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5695 vom 2024-08-21", url: "https://access.redhat.com/errata/RHSA-2024:5695", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5694 vom 2024-08-21", url: "https://access.redhat.com/errata/RHSA-2024:5694", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-5694 vom 2024-08-22", url: "https://linux.oracle.com/errata/ELSA-2024-5694.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-5693 vom 2024-08-22", url: "https://linux.oracle.com/errata/ELSA-2024-5693.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5696 vom 2024-08-21", url: "https://access.redhat.com/errata/RHSA-2024:5696", }, { category: "external", summary: "IBM Security Bulletin 7167584 vom 2024-09-05", url: "https://www.ibm.com/support/pages/node/7167584", }, { category: "external", summary: "Camunda Security Notice 117 vom 2024-09-16", url: "https://docs.camunda.org/security/notices/#notice-117", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:5693 vom 2024-09-17", url: "https://errata.build.resf.org/RLSA-2024:5693", }, { category: "external", summary: "Atlassian Security Bulletin - September 17 2024", url: "https://confluence.atlassian.com/security/security-bulletin-september-17-2024-1431249025.html", }, { category: "external", summary: "Bamboo Data Center Advisory", url: "https://jira.atlassian.com/browse/BAM-25868", }, { category: "external", summary: "Dell Security Advisory DSA-2024-423 vom 2024-10-11", url: "https://www.dell.com/support/kbdoc/de-de/000235068/dsa-2024-423-security-update-for-dell-networker-and-networker-management-console-nmc-multiple-component-vulnerabilities", }, { category: "external", summary: "IBM Security Bulletin 7173018 vom 2024-10-14", url: "https://www.ibm.com/support/pages/node/7173018", }, { category: "external", summary: "XEROX Security Advisory XRX25-001 vom 2025-01-13", url: "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-001-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf", }, { category: "external", summary: "Debian Security Advisory DSA-5845 vom 2025-01-17", url: "https://lists.debian.org/debian-security-announce/2025/msg00007.html", }, ], source_lang: "en-US", title: "Apache Tomcat: Schwachstelle ermöglicht Denial of Service", tracking: { current_release_date: "2025-01-19T23:00:00.000+00:00", generator: { date: "2025-01-20T09:21:00.122+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-1522", initial_release_date: "2024-07-03T22:00:00.000+00:00", revision_history: [ { date: "2024-07-03T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-07-11T22:00:00.000+00:00", number: "2", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-07-15T22:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-07-16T22:00:00.000+00:00", number: "4", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-08-06T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-08-13T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-08-20T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Atlassian aufgenommen", }, { date: "2024-08-21T22:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2024-09-04T22:00:00.000+00:00", number: "9", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-09-16T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Rocky Enterprise Software Foundation aufgenommen", }, { date: "2024-09-17T22:00:00.000+00:00", number: "11", summary: "Neue Updates aufgenommen", }, { date: "2024-10-10T22:00:00.000+00:00", number: "12", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-10-13T22:00:00.000+00:00", number: "13", summary: "Neue Updates von IBM aufgenommen", }, { date: "2025-01-12T23:00:00.000+00:00", number: "14", summary: "Neue Updates von XEROX aufgenommen", }, { date: "2025-01-19T23:00:00.000+00:00", number: "15", summary: "Neue Updates von Debian aufgenommen", }, ], status: "final", version: "15", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { branches: [ { category: "product_version_range", name: "<11.0.0-M21", product: { name: "Apache Tomcat <11.0.0-M21", product_id: "T035809", }, }, { category: "product_version", name: "11.0.0-M21", product: { name: "Apache Tomcat 11.0.0-M21", product_id: "T035809-fixed", product_identification_helper: { cpe: "cpe:/a:apache:tomcat:11.0.0-m21", }, }, }, { category: "product_version_range", name: "<10.1.25", product: { name: "Apache Tomcat <10.1.25", product_id: "T035811", }, }, { category: "product_version", name: "10.1.25", product: { name: "Apache Tomcat 10.1.25", product_id: "T035811-fixed", product_identification_helper: { cpe: "cpe:/a:apache:tomcat:10.1.25", }, }, }, { category: "product_version_range", name: "<9.0.90", product: { name: "Apache Tomcat <9.0.90", product_id: "T035812", }, }, { category: "product_version", name: "9.0.90", product: { name: "Apache Tomcat 9.0.90", product_id: "T035812-fixed", product_identification_helper: { cpe: "cpe:/a:apache:tomcat:9.0.90", }, }, }, ], category: "product_name", name: "Tomcat", }, ], category: "vendor", name: "Apache", }, { branches: [ { branches: [ { category: "product_version_range", name: "<9.2.17", product: { name: "Atlassian Bamboo <9.2.17", product_id: "T036976", }, }, { category: "product_version", name: "9.2.17", product: { name: "Atlassian Bamboo 9.2.17", product_id: "T036976-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:bamboo:9.2.17", }, }, }, { category: "product_version_range", name: "<10.0.0", product: { name: "Atlassian Bamboo <10.0.0", product_id: "T037681", }, }, { category: "product_version", name: "10.0.0", product: { name: "Atlassian Bamboo 10.0.0", product_id: "T037681-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:bamboo:10.0.0", }, }, }, { category: "product_version_range", name: "<9.6.4", product: { name: "Atlassian Bamboo <9.6.4", product_id: "T037682", }, }, { category: "product_version", name: "9.6.4", product: { name: "Atlassian Bamboo 9.6.4", product_id: "T037682-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:bamboo:9.6.4", }, }, }, ], category: "product_name", name: "Bamboo", }, { branches: [ { category: "product_version_range", name: "<9.0.0", product: { name: "Atlassian Bitbucket <9.0.0", product_id: "T037684", }, }, { category: "product_version", name: "9.0.0", product: { name: "Atlassian Bitbucket 9.0.0", product_id: "T037684-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:bitbucket:9.0.0", }, }, }, { category: "product_version_range", name: "<8.9.19", product: { name: "Atlassian Bitbucket <8.9.19", product_id: "T037685", }, }, { category: "product_version", name: "8.9.19", product: { name: "Atlassian Bitbucket 8.9.19", product_id: "T037685-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:bitbucket:8.9.19", }, }, }, { category: "product_version_range", name: "<8.19.9", product: { name: "Atlassian Bitbucket <8.19.9", product_id: "T037686", }, }, { category: "product_version", name: "8.19.9", product: { name: "Atlassian Bitbucket 8.19.9", product_id: "T037686-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:bitbucket:8.19.9", }, }, }, ], category: "product_name", name: "Bitbucket", }, { branches: [ { category: "product_version_range", name: "Data Center <9.0.1", product: { name: "Atlassian Confluence Data Center <9.0.1", product_id: "T036967", }, }, { category: "product_version", name: "Data Center 9.0.1", product: { name: "Atlassian Confluence Data Center 9.0.1", product_id: "T036967-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:confluence:9.0.1::data_center", }, }, }, { category: "product_version_range", name: "<8.5.14 (LTS)", product: { name: "Atlassian Confluence <8.5.14 (LTS)", product_id: "T036968", }, }, { category: "product_version", name: "8.5.14 (LTS)", product: { name: "Atlassian Confluence 8.5.14 (LTS)", product_id: "T036968-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:confluence:8.5.14::lts", }, }, }, { category: "product_version_range", name: "<7.19.26 (LTS)", product: { name: "Atlassian Confluence <7.19.26 (LTS)", product_id: "T036969", }, }, { category: "product_version", name: "7.19.26 (LTS)", product: { name: "Atlassian Confluence 7.19.26 (LTS)", product_id: "T036969-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:confluence:7.19.26::lts", }, }, }, ], category: "product_name", name: "Confluence", }, { branches: [ { category: "product_version_range", name: "Data Center <9.17.1", product: { name: "Atlassian Jira Software Data Center <9.17.1", product_id: "T036961", }, }, { category: "product_version", name: "Data Center 9.17.1", product: { name: "Atlassian Jira Software Data Center 9.17.1", product_id: "T036961-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:9.17.1::data_center", }, }, }, { category: "product_version_range", name: "<9.12.12 (LTS)", product: { name: "Atlassian Jira Software <9.12.12 (LTS)", product_id: "T036962", }, }, { category: "product_version", name: "9.12.12 (LTS)", product: { name: "Atlassian Jira Software 9.12.12 (LTS)", product_id: "T036962-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:9.12.12::lts", }, }, }, { category: "product_version_range", name: "<9.4.25 (LTS)", product: { name: "Atlassian Jira Software <9.4.25 (LTS)", product_id: "T036963", }, }, { category: "product_version", name: "9.4.25 (LTS)", product: { name: "Atlassian Jira Software 9.4.25 (LTS)", product_id: "T036963-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:9.4.25::lts", }, }, }, { category: "product_version_range", name: "Service Management Data Center <5.17.1", product: { name: "Atlassian Jira Software Service Management Data Center <5.17.1", product_id: "T036964", }, }, { category: "product_version", name: "Service Management Data Center 5.17.1", product: { name: "Atlassian Jira Software Service Management Data Center 5.17.1", product_id: "T036964-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:5.17.1::service_management_data_center", }, }, }, { category: "product_version_range", name: "Service Management <5.12.12 (LTS)", product: { name: "Atlassian Jira Software Service Management <5.12.12 (LTS)", product_id: "T036965", }, }, { category: "product_version", name: "Service Management 5.12.12 (LTS)", product: { name: "Atlassian Jira Software Service Management 5.12.12 (LTS)", product_id: "T036965-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:5.12.12::service_management_data_center_lts", }, }, }, { category: "product_version_range", name: "Service Management <5.4.25 (LTS)", product: { name: "Atlassian Jira Software Service Management <5.4.25 (LTS)", product_id: "T036966", }, }, { category: "product_version", name: "Service Management 5.4.25 (LTS)", product: { name: "Atlassian Jira Software Service Management 5.4.25 (LTS)", product_id: "T036966-fixed", product_identification_helper: { cpe: "cpe:/a:atlassian:jira_software:5.4.25::service_management_data_center_lts", }, }, }, ], category: "product_name", name: "Jira Software", }, ], category: "vendor", name: "Atlassian", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { branches: [ { category: "product_version_range", name: "<19.10.0.5", product: { name: "Dell NetWorker <19.10.0.5", product_id: "T038270", }, }, { category: "product_version", name: "19.10.0.5", product: { name: "Dell NetWorker 19.10.0.5", product_id: "T038270-fixed", product_identification_helper: { cpe: "cpe:/a:dell:networker:19.10.0.5", }, }, }, ], category: "product_name", name: "NetWorker", }, ], category: "vendor", name: "Dell", }, { branches: [ { branches: [ { category: "product_version", name: "for zos 10.1-10.1.0.4", product: { name: "IBM Integration Bus for zos 10.1-10.1.0.4", product_id: "T037307", product_identification_helper: { cpe: "cpe:/a:ibm:integration_bus:for_zos_10.1_-_10.1.0.4", }, }, }, ], category: "product_name", name: "Integration Bus", }, { branches: [ { category: "product_version_range", name: "<8.0.0.27", product: { name: "IBM Rational Build Forge <8.0.0.27", product_id: "T038286", }, }, { category: "product_version", name: "8.0.0.27", product: { name: "IBM Rational Build Forge 8.0.0.27", product_id: "T038286-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:rational_build_forge:8.0.0.27", }, }, }, ], category: "product_name", name: "Rational Build Forge", }, ], category: "vendor", name: "IBM", }, { branches: [ { branches: [ { category: "product_version_range", name: "<7.22.0-alpha5", product: { name: "Open Source Camunda <7.22.0-alpha5", product_id: "T037648", }, }, { category: "product_version", name: "7.22.0-alpha5", product: { name: "Open Source Camunda 7.22.0-alpha5", product_id: "T037648-fixed", product_identification_helper: { cpe: "cpe:/a:camunda:camunda:7.22.0-alpha5", }, }, }, { category: "product_version_range", name: "<7.21.4", product: { name: "Open Source Camunda <7.21.4", product_id: "T037649", }, }, { category: "product_version", name: "7.21.4", product: { name: "Open Source Camunda 7.21.4", product_id: "T037649-fixed", product_identification_helper: { cpe: "cpe:/a:camunda:camunda:7.21.4", }, }, }, { category: "product_version_range", name: "<7.20.8", product: { name: "Open Source Camunda <7.20.8", product_id: "T037650", }, }, { category: "product_version", name: "7.20.8", product: { name: "Open Source Camunda 7.20.8", product_id: "T037650-fixed", product_identification_helper: { cpe: "cpe:/a:camunda:camunda:7.20.8", }, }, }, { category: "product_version_range", name: "<7.19.15", product: { name: "Open Source Camunda <7.19.15", product_id: "T037651", }, }, { category: "product_version", name: "7.19.15", product: { name: "Open Source Camunda 7.19.15", product_id: "T037651-fixed", product_identification_helper: { cpe: "cpe:/a:camunda:camunda:7.19.15", }, }, }, ], category: "product_name", name: "Camunda", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "RESF Rocky Linux", product: { name: "RESF Rocky Linux", product_id: "T032255", product_identification_helper: { cpe: "cpe:/o:resf:rocky_linux:-", }, }, }, ], category: "vendor", name: "RESF", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { branches: [ { category: "product_version", name: "v9 for Solaris", product: { name: "Xerox FreeFlow Print Server v9 for Solaris", product_id: "T028053", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v9_for_solaris", }, }, }, ], category: "product_name", name: "FreeFlow Print Server", }, ], category: "vendor", name: "Xerox", }, ], }, vulnerabilities: [ { cve: "CVE-2024-34750", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Apache Tomcat, die auf eine unsachgemäße Behandlung von http/2-Streams und einen unkontrollierten Ressourcenverbrauch zurückzuführen ist, wodurch bestimmte Verbindungen offen bleiben können. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T036968", "T035812", "T036969", "T035811", "T036964", "67646", "T036965", "T036966", "T036967", "T036961", "T036962", "T036963", "T004914", "T037650", "T037651", "T038286", "T035809", "398363", "T028053", "T036976", "T037307", "T037648", "T037649", "T037686", "T037682", "T032255", "T037684", "T037685", "T037681", "2951", "T002207", "T038270", ], }, release_date: "2024-07-03T22:00:00.000+00:00", title: "CVE-2024-34750", }, ], }
wid-sec-w-2024-3195
Vulnerability from csaf_certbund
Notes
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3195 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3195.json", }, { category: "self", summary: "WID-SEC-2024-3195 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3195", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - October 2024 - Appendix Oracle Communications vom 2024-10-15", url: "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixCGBU", }, ], source_lang: "en-US", title: "Oracle Communications: Mehrere Schwachstellen", tracking: { current_release_date: "2024-10-15T22:00:00.000+00:00", generator: { date: "2024-10-16T10:12:35.400+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-3195", initial_release_date: "2024-10-15T22:00:00.000+00:00", revision_history: [ { date: "2024-10-15T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "9.1.1.3.0", product: { name: "Oracle Communications 9.1.1.3.0", product_id: "T027333", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.1.3.0", }, }, }, { category: "product_version", name: "12.6.1.0.0", product: { name: "Oracle Communications 12.6.1.0.0", product_id: "T027338", product_identification_helper: { cpe: "cpe:/a:oracle:communications:12.6.1.0.0", }, }, }, { category: "product_version", name: "5.1", product: { name: "Oracle Communications 5.1", product_id: "T028684", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.1", }, }, }, { category: "product_version", name: "15.0.0.0.0", product: { name: "Oracle Communications 15.0.0.0.0", product_id: "T032090", product_identification_helper: { cpe: "cpe:/a:oracle:communications:15.0.0.0.0", }, }, }, { category: "product_version", name: "23.4.0", product: { name: "Oracle Communications 23.4.0", product_id: "T032091", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.0", }, }, }, { category: "product_version", name: "23.4.2", product: { name: "Oracle Communications 23.4.2", product_id: "T034144", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.2", }, }, }, { category: "product_version", name: "24.1.0", product: { name: "Oracle Communications 24.1.0", product_id: "T034145", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0", }, }, }, { category: "product_version", name: "5.2", product: { name: "Oracle Communications 5.2", product_id: "T034146", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.2", }, }, }, { category: "product_version", name: "24.1.0.0.0", product: { name: "Oracle Communications 24.1.0.0.0", product_id: "T034147", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0.0.0", }, }, }, { category: "product_version", name: "23.4.3", product: { name: "Oracle Communications 23.4.3", product_id: "T036195", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.3", }, }, }, { category: "product_version", name: "23.4.4", product: { name: "Oracle Communications 23.4.4", product_id: "T036196", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.4", }, }, }, { category: "product_version_range", name: "<=24.2.0", product: { name: "Oracle Communications <=24.2.0", product_id: "T036197", }, }, { category: "product_version_range", name: "<=24.2.0", product: { name: "Oracle Communications <=24.2.0", product_id: "T036197-fixed", }, }, { category: "product_version", name: "4.1.0", product: { name: "Oracle Communications 4.1.0", product_id: "T036205", product_identification_helper: { cpe: "cpe:/a:oracle:communications:4.1.0", }, }, }, { category: "product_version", name: "4.2.0", product: { name: "Oracle Communications 4.2.0", product_id: "T036206", product_identification_helper: { cpe: "cpe:/a:oracle:communications:4.2.0", }, }, }, { category: "product_version", name: "9.2.0", product: { name: "Oracle Communications 9.2.0", product_id: "T036207", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.2.0", }, }, }, { category: "product_version", name: "9.3.0", product: { name: "Oracle Communications 9.3.0", product_id: "T036208", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.3.0", }, }, }, { category: "product_version", name: "12.11.0", product: { name: "Oracle Communications 12.11.0", product_id: "T036209", product_identification_helper: { cpe: "cpe:/a:oracle:communications:12.11.0", }, }, }, { category: "product_version", name: "9.0.1.10.0", product: { name: "Oracle Communications 9.0.1.10.0", product_id: "T038373", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.0.1.10.0", }, }, }, { category: "product_version_range", name: "<=23.4.5", product: { name: "Oracle Communications <=23.4.5", product_id: "T038375", }, }, { category: "product_version_range", name: "<=23.4.5", product: { name: "Oracle Communications <=23.4.5", product_id: "T038375-fixed", }, }, { category: "product_version", name: "24.2.1", product: { name: "Oracle Communications 24.2.1", product_id: "T038376", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.2.1", }, }, }, { category: "product_version_range", name: "<=23.4.6", product: { name: "Oracle Communications <=23.4.6", product_id: "T038377", }, }, { category: "product_version_range", name: "<=23.4.6", product: { name: "Oracle Communications <=23.4.6", product_id: "T038377-fixed", }, }, { category: "product_version", name: "24.1.1", product: { name: "Oracle Communications 24.1.1", product_id: "T038378", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.1", }, }, }, { category: "product_version", name: "24.2.2", product: { name: "Oracle Communications 24.2.2", product_id: "T038379", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.2.2", }, }, }, { category: "product_version", name: "9.1.5", product: { name: "Oracle Communications 9.1.5", product_id: "T038380", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.5", }, }, }, { category: "product_version", name: "9.1.0", product: { name: "Oracle Communications 9.1.0", product_id: "T038381", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.0", }, }, }, { category: "product_version", name: "14", product: { name: "Oracle Communications 14.0", product_id: "T038382", product_identification_helper: { cpe: "cpe:/a:oracle:communications:14.0", }, }, }, { category: "product_version", name: "9.1.1.9.0", product: { name: "Oracle Communications 9.1.1.9.0", product_id: "T038383", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.1.9.0", }, }, }, { category: "product_version", name: "14.0.0.1", product: { name: "Oracle Communications 14.0.0.1", product_id: "T038384", product_identification_helper: { cpe: "cpe:/a:oracle:communications:14.0.0.1", }, }, }, { category: "product_version", name: "17.0.1", product: { name: "Oracle Communications 17.0.1", product_id: "T038385", product_identification_helper: { cpe: "cpe:/a:oracle:communications:17.0.1", }, }, }, { category: "product_version_range", name: "<10.4.0.4", product: { name: "Oracle Communications <10.4.0.4", product_id: "T038386", }, }, { category: "product_version", name: "10.4.0.4", product: { name: "Oracle Communications 10.4.0.4", product_id: "T038386-fixed", product_identification_helper: { cpe: "cpe:/a:oracle:communications:10.4.0.4", }, }, }, { category: "product_version_range", name: "<=9.1.1.8.0", product: { name: "Oracle Communications <=9.1.1.8.0", product_id: "T038426", }, }, { category: "product_version_range", name: "<=9.1.1.8.0", product: { name: "Oracle Communications <=9.1.1.8.0", product_id: "T038426-fixed", }, }, ], category: "product_name", name: "Communications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2068", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-2068", }, { cve: "CVE-2022-23437", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-23437", }, { cve: "CVE-2022-2601", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-2601", }, { cve: "CVE-2022-36760", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-36760", }, { cve: "CVE-2023-2953", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-2953", }, { cve: "CVE-2023-3635", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-3635", }, { cve: "CVE-2023-38408", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-38408", }, { cve: "CVE-2023-4043", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-4043", }, { cve: "CVE-2023-46136", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-46136", }, { cve: "CVE-2023-48795", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-48795", }, { cve: "CVE-2023-51775", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-51775", }, { cve: "CVE-2023-5685", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-5685", }, { cve: "CVE-2023-6597", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-6597", }, { cve: "CVE-2023-6816", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-6816", }, { cve: "CVE-2024-0450", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-0450", }, { cve: "CVE-2024-22020", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-22020", }, { cve: "CVE-2024-22257", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-22257", }, { cve: "CVE-2024-22262", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-22262", }, { cve: "CVE-2024-23672", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-23672", }, { cve: "CVE-2024-2398", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-2398", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-25638", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-25638", }, { cve: "CVE-2024-26308", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-26308", }, { cve: "CVE-2024-28182", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-28182", }, { cve: "CVE-2024-28849", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-28849", }, { cve: "CVE-2024-29025", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-29025", }, { cve: "CVE-2024-29736", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-29736", }, { cve: "CVE-2024-29857", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-29857", }, { cve: "CVE-2024-30251", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-30251", }, { cve: "CVE-2024-31080", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-31080", }, { cve: "CVE-2024-31744", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-31744", }, { cve: "CVE-2024-32760", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-32760", }, { cve: "CVE-2024-33602", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-33602", }, { cve: "CVE-2024-34750", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-34750", }, { cve: "CVE-2024-37371", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-37371", }, { cve: "CVE-2024-37891", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-37891", }, { cve: "CVE-2024-38816", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-38816", }, { cve: "CVE-2024-40898", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-40898", }, { cve: "CVE-2024-43044", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-43044", }, { cve: "CVE-2024-45492", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-45492", }, { cve: "CVE-2024-4577", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-4577", }, { cve: "CVE-2024-4603", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-4603", }, { cve: "CVE-2024-5971", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-5971", }, { cve: "CVE-2024-6162", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-6162", }, { cve: "CVE-2024-6387", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-6387", }, { cve: "CVE-2024-7254", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-7254", }, ], }
wid-sec-w-2024-3197
Vulnerability from csaf_certbund
Notes
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Commerce ist eine elektronische Handelsplattform.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Commerce ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3197 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3197.json", }, { category: "self", summary: "WID-SEC-2024-3197 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3197", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - October 2024 - Appendix Oracle Commerce vom 2024-10-15", url: "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixOCOM", }, ], source_lang: "en-US", title: "Oracle Commerce: Mehrere Schwachstellen", tracking: { current_release_date: "2024-10-15T22:00:00.000+00:00", generator: { date: "2024-10-16T10:12:41.528+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-3197", initial_release_date: "2024-10-15T22:00:00.000+00:00", revision_history: [ { date: "2024-10-15T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "11.3.0", product: { name: "Oracle Commerce 11.3.0", product_id: "T018931", product_identification_helper: { cpe: "cpe:/a:oracle:commerce:11.3.0", }, }, }, { category: "product_version", name: "11.3.1", product: { name: "Oracle Commerce 11.3.1", product_id: "T018932", product_identification_helper: { cpe: "cpe:/a:oracle:commerce:11.3.1", }, }, }, { category: "product_version", name: "11.3.2", product: { name: "Oracle Commerce 11.3.2", product_id: "T018933", product_identification_helper: { cpe: "cpe:/a:oracle:commerce:11.3.2", }, }, }, { category: "product_version", name: "11.4.0", product: { name: "Oracle Commerce 11.4.0", product_id: "T038369", product_identification_helper: { cpe: "cpe:/a:oracle:commerce:11.4.0", }, }, }, ], category: "product_name", name: "Commerce", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2019-10172", notes: [ { category: "description", text: "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018931", "T018932", "T018933", "T038369", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2019-10172", }, { cve: "CVE-2020-13956", notes: [ { category: "description", text: "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018931", "T018932", "T018933", "T038369", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2020-13956", }, { cve: "CVE-2021-23358", notes: [ { category: "description", text: "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018931", "T018932", "T018933", "T038369", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2021-23358", }, { cve: "CVE-2021-28170", notes: [ { category: "description", text: "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018931", "T018932", "T018933", "T038369", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2021-28170", }, { cve: "CVE-2022-46337", notes: [ { category: "description", text: "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018931", "T018932", "T018933", "T038369", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-46337", }, { cve: "CVE-2023-20863", notes: [ { category: "description", text: "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018931", "T018932", "T018933", "T038369", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-20863", }, { cve: "CVE-2023-2976", notes: [ { category: "description", text: "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018931", "T018932", "T018933", "T038369", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-2976", }, { cve: "CVE-2024-26308", notes: [ { category: "description", text: "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018931", "T018932", "T018933", "T038369", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-26308", }, { cve: "CVE-2024-34750", notes: [ { category: "description", text: "In Oracle Commerce existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T018931", "T018932", "T018933", "T038369", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-34750", }, ], }
wid-sec-w-2024-1905
Vulnerability from csaf_certbund
Notes
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, eine Man-in-the-Middle-Situation zu schaffen, Sicherheitsmaßnahmen zu umgehen oder eine Denial-of-Service-Situation zu schaffen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1905 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1905.json", }, { category: "self", summary: "WID-SEC-2024-1905 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1905", }, { category: "external", summary: "IBM Security Bulletin 7166204 vom 2024-08-21", url: "https://www.ibm.com/support/pages/node/7166204", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-12606 vom 2024-09-03", url: "https://linux.oracle.com/errata/ELSA-2024-12606.html", }, { category: "external", summary: "ORACLE OVMSA-2024-0011 vom 2024-09-04", url: "https://oss.oracle.com/pipermail/oraclevm-errata/2024-September/001099.html", }, { category: "external", summary: "IBM Security Bulletin 7167662 vom 2024-09-05", url: "https://www.ibm.com/support/pages/node/7167662", }, ], source_lang: "en-US", title: "IBM QRadar SIEM: Mehrere Schwachstellen", tracking: { current_release_date: "2024-09-05T22:00:00.000+00:00", generator: { date: "2024-09-06T08:13:42.015+00:00", engine: { name: "BSI-WID", version: "1.3.6", }, }, id: "WID-SEC-W-2024-1905", initial_release_date: "2024-08-21T22:00:00.000+00:00", revision_history: [ { date: "2024-08-21T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-09-02T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-09-04T22:00:00.000+00:00", number: "3", summary: "Neue Updates von ORACLE aufgenommen", }, { date: "2024-09-05T22:00:00.000+00:00", number: "4", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "4", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "24.0.0", product: { name: "IBM Business Automation Workflow 24.0.0", product_id: "T036570", product_identification_helper: { cpe: "cpe:/a:ibm:business_automation_workflow:24.0.0", }, }, }, ], category: "product_name", name: "Business Automation Workflow", }, { branches: [ { category: "product_version_range", name: "<7.5.0 UP9 IF02", product: { name: "IBM QRadar SIEM <7.5.0 UP9 IF02", product_id: "T037023", }, }, { category: "product_version", name: "7.5.0 UP9 IF02", product: { name: "IBM QRadar SIEM 7.5.0 UP9 IF02", product_id: "T037023-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.5.0_up9_if02", }, }, }, ], category: "product_name", name: "QRadar SIEM", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2020-26555", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2020-26555", }, { cve: "CVE-2021-46909", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2021-46909", }, { cve: "CVE-2021-46972", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2021-46972", }, { cve: "CVE-2021-47069", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2021-47069", }, { cve: "CVE-2021-47073", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2021-47073", }, { cve: "CVE-2021-47236", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2021-47236", }, { cve: "CVE-2021-47310", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2021-47310", }, { cve: "CVE-2021-47311", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2021-47311", }, { cve: "CVE-2021-47353", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2021-47353", }, { cve: "CVE-2021-47356", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2021-47356", }, { cve: "CVE-2021-47456", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2021-47456", }, { cve: "CVE-2021-47495", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2021-47495", }, { cve: "CVE-2023-43788", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-43788", }, { cve: "CVE-2023-43789", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-43789", }, { cve: "CVE-2023-4692", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-4692", }, { cve: "CVE-2023-4693", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-4693", }, { cve: "CVE-2023-5090", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-5090", }, { cve: "CVE-2023-52464", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-52464", }, { cve: "CVE-2023-52560", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-52560", }, { cve: "CVE-2023-52615", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-52615", }, { cve: "CVE-2023-52626", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-52626", }, { cve: "CVE-2023-52667", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-52667", }, { cve: "CVE-2023-52669", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-52669", }, { cve: "CVE-2023-52675", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-52675", }, { cve: "CVE-2023-52686", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-52686", }, { cve: "CVE-2023-52700", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-52700", }, { cve: "CVE-2023-52703", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-52703", }, { cve: "CVE-2023-52781", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-52781", }, { cve: "CVE-2023-52813", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-52813", }, { cve: "CVE-2023-52835", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-52835", }, { cve: "CVE-2023-52877", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-52877", }, { cve: "CVE-2023-52878", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-52878", }, { cve: "CVE-2023-52881", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-52881", }, { cve: "CVE-2023-7008", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2023-7008", }, { cve: "CVE-2024-1048", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-1048", }, { cve: "CVE-2024-22365", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-22365", }, { cve: "CVE-2024-26583", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-26583", }, { cve: "CVE-2024-26584", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-26584", }, { cve: "CVE-2024-26585", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-26585", }, { cve: "CVE-2024-26656", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-26656", }, { cve: "CVE-2024-26675", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-26675", }, { cve: "CVE-2024-26735", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-26735", }, { cve: "CVE-2024-26759", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-26759", }, { cve: "CVE-2024-26801", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-26801", }, { cve: "CVE-2024-26804", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-26804", }, { cve: "CVE-2024-26826", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-26826", }, { cve: "CVE-2024-26859", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-26859", }, { cve: "CVE-2024-26906", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-26906", }, { cve: "CVE-2024-26907", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-26907", }, { cve: "CVE-2024-26974", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-26974", }, { cve: "CVE-2024-26982", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-26982", }, { cve: "CVE-2024-27397", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-27397", }, { cve: "CVE-2024-27410", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-27410", }, { cve: "CVE-2024-34750", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-34750", }, { cve: "CVE-2024-35789", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-35789", }, { cve: "CVE-2024-35835", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-35835", }, { cve: "CVE-2024-35838", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-35838", }, { cve: "CVE-2024-35845", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-35845", }, { cve: "CVE-2024-35852", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-35852", }, { cve: "CVE-2024-35853", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-35853", }, { cve: "CVE-2024-35854", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-35854", }, { cve: "CVE-2024-35855", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-35855", }, { cve: "CVE-2024-35888", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-35888", }, { cve: "CVE-2024-35890", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-35890", }, { cve: "CVE-2024-35958", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-35958", }, { cve: "CVE-2024-35959", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-35959", }, { cve: "CVE-2024-35960", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-35960", }, { cve: "CVE-2024-36004", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-36004", }, { cve: "CVE-2024-36007", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-36007", }, { cve: "CVE-2024-5564", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler bestehen in mehreren Komponenten wie systemd, Grub oder dem Linux-Kernel, u. a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Use-after-free-Schwachstelle, einer unsachgemäßen Prüfung der Grenzen oder eines Pufferüberlaufs und mehr. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen, einen Man-in-the-Middle-Zustand zu erzeugen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.", }, ], product_status: { known_affected: [ "T036570", "T004914", "T037023", ], }, release_date: "2024-08-21T22:00:00.000+00:00", title: "CVE-2024-5564", }, ], }
wid-sec-w-2024-2100
Vulnerability from csaf_certbund
Notes
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Die Hardware Management Console (HMC) von IBM ist ein System zur Virtualisierung von IBM Servern.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in IBM Power Hardware Management Console ausnutzen, um beliebigen Programmcode auszuführen, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen preiszugeben.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-2100 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2100.json", }, { category: "self", summary: "WID-SEC-2024-2100 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2100", }, { category: "external", summary: "IBM Security Bulletin 7168007 vom 2024-09-10", url: "https://www.ibm.com/support/pages/node/7168007", }, { category: "external", summary: "IBM Security Bulletin 7168008 vom 2024-09-10", url: "https://www.ibm.com/support/pages/node/7168008", }, { category: "external", summary: "IBM Security Bulletin 7168013 vom 2024-09-10", url: "https://www.ibm.com/support/pages/node/7168013", }, { category: "external", summary: "IBM Security Bulletin 7168015 vom 2024-09-10", url: "https://www.ibm.com/support/pages/node/7168015", }, { category: "external", summary: "IBM Security Bulletin 7168014 vom 2024-09-10", url: "https://www.ibm.com/support/pages/node/7168014", }, { category: "external", summary: "IBM Security Bulletin 7168016 vom 2024-09-10", url: "https://www.ibm.com/support/pages/node/7168016", }, { category: "external", summary: "IBM Security Bulletin 7168017 vom 2024-09-10", url: "https://www.ibm.com/support/pages/node/7168017", }, { category: "external", summary: "IBM Security Bulletin 7168018 vom 2024-09-10", url: "https://www.ibm.com/support/pages/node/7168018", }, { category: "external", summary: "IBM Security Bulletin 7168019 vom 2024-09-10", url: "https://www.ibm.com/support/pages/node/7168019", }, { category: "external", summary: "IBM Security Bulletin 7168020 vom 2024-09-10", url: "https://www.ibm.com/support/pages/node/7168020", }, ], source_lang: "en-US", title: "IBM Power Hardware Management Console: Mehrere Schwachstellen", tracking: { current_release_date: "2024-09-10T22:00:00.000+00:00", generator: { date: "2024-09-11T08:15:41.154+00:00", engine: { name: "BSI-WID", version: "1.3.6", }, }, id: "WID-SEC-W-2024-2100", initial_release_date: "2024-09-10T22:00:00.000+00:00", revision_history: [ { date: "2024-09-10T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<V10.2.1040.0 SP2 x86", product: { name: "IBM Power Hardware Management Console <V10.2.1040.0 SP2 x86", product_id: "T037441", }, }, { category: "product_version", name: "V10.2.1040.0 SP2 x86", product: { name: "IBM Power Hardware Management Console V10.2.1040.0 SP2 x86", product_id: "T037441-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:hardware_management_console:v10.2.1040.0_sp2_x86", }, }, }, { category: "product_version_range", name: "<V10.2.1040.0 SP2 ppc", product: { name: "IBM Power Hardware Management Console <V10.2.1040.0 SP2 ppc", product_id: "T037443", }, }, { category: "product_version", name: "V10.2.1040.0 SP2 ppc", product: { name: "IBM Power Hardware Management Console V10.2.1040.0 SP2 ppc", product_id: "T037443-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:hardware_management_console:v10.2.1040.0_sp2_ppc", }, }, }, { category: "product_version_range", name: "<V10.3.1060.0 x86", product: { name: "IBM Power Hardware Management Console <V10.3.1060.0 x86", product_id: "T037444", }, }, { category: "product_version", name: "V10.3.1060.0 x86", product: { name: "IBM Power Hardware Management Console V10.3.1060.0 x86", product_id: "T037444-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:hardware_management_console:v10.3.1060.0_x86", }, }, }, { category: "product_version_range", name: "<V10.3.1060.0 ppc", product: { name: "IBM Power Hardware Management Console <V10.3.1060.0 ppc", product_id: "T037445", }, }, { category: "product_version", name: "V10.3.1060.0 ppc", product: { name: "IBM Power Hardware Management Console V10.3.1060.0 ppc", product_id: "T037445-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:hardware_management_console:v10.3.1060.0_ppc", }, }, }, ], category: "product_name", name: "Power Hardware Management Console", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2023-40546", notes: [ { category: "description", text: "In IBM Power Hardware Management Console existieren mehrere Schwachstellen. Diese Schwachstellen betreffen die rhboot-Shim-Komponente und werden durch Fehler wie NULL-Zeiger-Dereferenzierung, Out-of-Bounds-Schreib- und Lesevorgänge und Integer-Überläufe verursacht. Ein lokaler Angreifer oder ein Angreifer aus einem benachbarten Netzwerk kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen preiszugeben.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2023-40546", }, { cve: "CVE-2023-40547", notes: [ { category: "description", text: "In IBM Power Hardware Management Console existieren mehrere Schwachstellen. Diese Schwachstellen betreffen die rhboot-Shim-Komponente und werden durch Fehler wie NULL-Zeiger-Dereferenzierung, Out-of-Bounds-Schreib- und Lesevorgänge und Integer-Überläufe verursacht. Ein lokaler Angreifer oder ein Angreifer aus einem benachbarten Netzwerk kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen preiszugeben.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2023-40547", }, { cve: "CVE-2023-40548", notes: [ { category: "description", text: "In IBM Power Hardware Management Console existieren mehrere Schwachstellen. Diese Schwachstellen betreffen die rhboot-Shim-Komponente und werden durch Fehler wie NULL-Zeiger-Dereferenzierung, Out-of-Bounds-Schreib- und Lesevorgänge und Integer-Überläufe verursacht. Ein lokaler Angreifer oder ein Angreifer aus einem benachbarten Netzwerk kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen preiszugeben.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2023-40548", }, { cve: "CVE-2023-40549", notes: [ { category: "description", text: "In IBM Power Hardware Management Console existieren mehrere Schwachstellen. Diese Schwachstellen betreffen die rhboot-Shim-Komponente und werden durch Fehler wie NULL-Zeiger-Dereferenzierung, Out-of-Bounds-Schreib- und Lesevorgänge und Integer-Überläufe verursacht. Ein lokaler Angreifer oder ein Angreifer aus einem benachbarten Netzwerk kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen preiszugeben.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2023-40549", }, { cve: "CVE-2023-40550", notes: [ { category: "description", text: "In IBM Power Hardware Management Console existieren mehrere Schwachstellen. Diese Schwachstellen betreffen die rhboot-Shim-Komponente und werden durch Fehler wie NULL-Zeiger-Dereferenzierung, Out-of-Bounds-Schreib- und Lesevorgänge und Integer-Überläufe verursacht. Ein lokaler Angreifer oder ein Angreifer aus einem benachbarten Netzwerk kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen preiszugeben.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2023-40550", }, { cve: "CVE-2023-40551", notes: [ { category: "description", text: "In IBM Power Hardware Management Console existieren mehrere Schwachstellen. Diese Schwachstellen betreffen die rhboot-Shim-Komponente und werden durch Fehler wie NULL-Zeiger-Dereferenzierung, Out-of-Bounds-Schreib- und Lesevorgänge und Integer-Überläufe verursacht. Ein lokaler Angreifer oder ein Angreifer aus einem benachbarten Netzwerk kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu erzeugen und vertrauliche Informationen preiszugeben.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2023-40551", }, { cve: "CVE-2023-6135", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in der IBM Power Hardware Management Console. Dieser Fehler betrifft die Mozilla Network Security Services NIST-Kurve, die in Mozilla Firefox verwendet wird, und zwar durch einen als Minerva bekannten Side-Channel-Angriff, der die Wiederherstellung des privaten Schlüssels ermöglicht. Ein anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er ein Opfer dazu bringt, eine speziell gestaltete Website zu besuchen, um vertrauliche Informationen preiszugeben. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2023-6135", }, { cve: "CVE-2023-39615", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM Power Hardware Management Console. Dieser Fehler besteht in Xmlsoft Libxml2 aufgrund eines Pufferüberlaufs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, indem er eine manipulierte XML-Datei bereitstellt.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2023-39615", }, { cve: "CVE-2023-5388", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM Power Hardware Management Console. Dieser Fehler ist auf eine beobachtbare Zeitdiskrepanz in der numerischen Bibliothek zurückzuführen, die in NSS für die RSA-Kryptographie verwendet wird. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen preiszugeben und diese Informationen für weitere Angriffe zu verwenden.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2023-5388", }, { cve: "CVE-2023-3446", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM Power Hardware Management Console. Diese Fehler betreffen die OpenSSL-Bibliothek aufgrund einer unsachgemäßen Behandlung von DH-Schlüsseln und Parametern während der Schlüsselvalidierung und -erzeugung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2023-3446", }, { cve: "CVE-2023-3817", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM Power Hardware Management Console. Diese Fehler betreffen die OpenSSL-Bibliothek aufgrund einer unsachgemäßen Behandlung von DH-Schlüsseln und Parametern während der Schlüsselvalidierung und -erzeugung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2023-3817", }, { cve: "CVE-2023-5678", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM Power Hardware Management Console. Diese Fehler betreffen die OpenSSL-Bibliothek aufgrund einer unsachgemäßen Behandlung von DH-Schlüsseln und Parametern während der Schlüsselvalidierung und -erzeugung. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2023-5678", }, { cve: "CVE-2024-34750", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM Power Hardware Management Console. Diese Fehler betrifft den Apache Tomcat Server aufgrund eines Fehlers bei der Verarbeitung eines HTTP/2-Streams. Durch das Senden speziell gestalteter HTTP-Header kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2024-34750", }, { cve: "CVE-2022-3094", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM Power Hardware Management Console. Dieser Fehler betrifft ISC BIND aufgrund einer unsachgemäßen Speicherzuweisung, die es ermöglicht, UPDATE-Nachrichten zu senden, was zu einer Speichererschöpfung führt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2022-3094", }, { cve: "CVE-2023-4641", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM Power Hardware Management Console. Die shadow-utils Bibliothek ist von diesem Fehler betroffen, da Passwortinformationen unsachgemäß gehandhabt werden, insbesondere weil der Puffer zum Speichern von Passwörtern nicht gelöscht wird. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen preiszugeben.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2023-4641", }, { cve: "CVE-2023-22745", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM Power Hardware Management Console. Dieser Fehler betrifft die tpm2-tss Bibliothek aufgrund einer unsachgemäßen Überprüfung der Grenzen in den Tss2_RC_SetHandler und Tss2_RC_Decode Funktionen, was zu einem Pufferüberlauf führt. Ein lokaler Angreifer mit hohen Privilegien kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2023-22745", }, { cve: "CVE-2023-52425", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM Power Hardware Management Console. Dieser Fehler betrifft die expat-Bibliothek aufgrund einer unsachgemäßen Zuweisung von Systemressourcen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, indem er eine speziell gestaltete Anfrage mit einem übermäßig großen Token sendet.", }, ], product_status: { known_affected: [ "T037444", "T037445", "T037441", "T037443", ], }, release_date: "2024-09-10T22:00:00.000+00:00", title: "CVE-2023-52425", }, ], }
fkie_cve-2024-34750
Vulnerability from fkie_nvd
Vendor | Product | Version |
---|
{ cveTags: [], descriptions: [ { lang: "en", value: "Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.\n\n", }, { lang: "es", value: "Manejo inadecuado de condiciones excepcionales, vulnerabilidad de consumo incontrolado de recursos en Apache Tomcat. Al procesar una secuencia HTTP/2, Tomcat no manejó correctamente algunos casos de encabezados HTTP excesivos. Esto llevó a un conteo erróneo de flujos HTTP/2 activos que a su vez llevó al uso de un tiempo de espera infinito incorrecto que permitió que las conexiones permanecieran abiertas y que deberían haberse cerrado. Este problema afecta a Apache Tomcat: desde 11.0.0-M1 hasta 11.0.0-M20, desde 10.1.0-M1 hasta 10.1.24, desde 9.0.0-M1 hasta 9.0.89. Se recomienda a los usuarios actualizar a la versión 11.0.0-M21, 10.1.25 o 9.0.90, que soluciona el problema.", }, ], id: "CVE-2024-34750", lastModified: "2024-11-21T09:19:19.377", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-03T20:15:04.083", references: [ { source: "security@apache.org", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240816-0004/", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, { lang: "en", value: "CWE-755", }, ], source: "security@apache.org", type: "Secondary", }, ], }
ghsa-wm9w-rjj3-j356
Vulnerability from github
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.
Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
{ affected: [ { package: { ecosystem: "Maven", name: "org.apache.tomcat.embed:tomcat-embed-core", }, ranges: [ { events: [ { introduced: "11.0.0-M1", }, { fixed: "11.0.0-M21", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Maven", name: "org.apache.tomcat.embed:tomcat-embed-core", }, ranges: [ { events: [ { introduced: "10.1.0-M1", }, { fixed: "10.1.25", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Maven", name: "org.apache.tomcat.embed:tomcat-embed-core", }, ranges: [ { events: [ { introduced: "9.0.0-M1", }, { fixed: "9.0.90", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Maven", name: "org.apache.tomcat:tomcat-coyote", }, ranges: [ { events: [ { introduced: "11.0.0-M1", }, { fixed: "11.0.0-M21", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Maven", name: "org.apache.tomcat:tomcat-coyote", }, ranges: [ { events: [ { introduced: "10.1.0-M1", }, { fixed: "10.1.25", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Maven", name: "org.apache.tomcat:tomcat-coyote", }, ranges: [ { events: [ { introduced: "9.0.0-M1", }, { fixed: "9.0.90", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2024-34750", ], database_specific: { cwe_ids: [ "CWE-400", "CWE-755", ], github_reviewed: true, github_reviewed_at: "2024-07-05T20:39:41Z", nvd_published_at: "2024-07-03T20:15:04Z", severity: "HIGH", }, details: "Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89.\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.\n\n", id: "GHSA-wm9w-rjj3-j356", modified: "2024-07-05T20:39:42Z", published: "2024-07-03T21:39:44Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34750", }, { type: "WEB", url: "https://github.com/apache/tomcat/commit/2344a4c0d03e307ba6b8ab6dc8b894cc8bac63f2", }, { type: "WEB", url: "https://github.com/apache/tomcat/commit/2afae300c9ac9c0e516e2e9de580847d925365c3", }, { type: "WEB", url: "https://github.com/apache/tomcat/commit/9fec9a82887853402833a80b584e3762c7423f5f", }, { type: "PACKAGE", url: "https://github.com/apache/tomcat", }, { type: "WEB", url: "https://lists.apache.org/thread/4kqf0bc9gxymjc2x7v3p7dvplnl77y8l", }, { type: "WEB", url: "https://tomcat.apache.org/security-10.html", }, { type: "WEB", url: "https://tomcat.apache.org/security-11.html", }, { type: "WEB", url: "https://tomcat.apache.org/security-9.html", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, { score: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", type: "CVSS_V4", }, ], summary: "Apache Tomcat - Denial of Service", }
Log in or create an account to share your comment.
This schema specifies the format of a comment related to a security advisory.
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.