Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-47554
Vulnerability from cvelistv5
Published
2024-10-03 11:32
Modified
2025-01-31 15:02
Severity ?
EPSS score ?
Summary
Uncontrolled Resource Consumption vulnerability in Apache Commons IO.
The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.
This issue affects Apache Commons IO: from 2.0 before 2.14.0.
Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Commons IO |
Version: 2.0 ≤ |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-47554", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-03T13:00:56.326970Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-04T15:03:37.949Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-01-31T15:02:47.229Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/10/03/2", }, { url: "https://security.netapp.com/advisory/ntap-20250131-0010/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://repo.maven.apache.org/maven2", defaultStatus: "unaffected", packageName: "commons-io:commons-io", product: "Apache Commons IO", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.14.0", status: "affected", version: "2.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "tool", value: "CodeQL", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Uncontrolled Resource Consumption vulnerability in Apache Commons IO.</p><p>The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.<br></p><p>This issue affects Apache Commons IO: from 2.0 before 2.14.0.</p><p>Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.</p>", }, ], value: "Uncontrolled Resource Consumption vulnerability in Apache Commons IO.\n\nThe org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.\n\n\nThis issue affects Apache Commons IO: from 2.0 before 2.14.0.\n\nUsers are recommended to upgrade to version 2.14.0 or later, which fixes the issue.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-03T11:32:48.936Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", }, ], source: { discovery: "EXTERNAL", }, title: "Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-47554", datePublished: "2024-10-03T11:32:48.936Z", dateReserved: "2024-09-26T16:12:46.116Z", dateUpdated: "2025-01-31T15:02:47.229Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { descriptions: "[{\"lang\": \"en\", \"value\": \"Uncontrolled Resource Consumption vulnerability in Apache Commons IO.\\n\\nThe org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.\\n\\n\\nThis issue affects Apache Commons IO: from 2.0 before 2.14.0.\\n\\nUsers are recommended to upgrade to version 2.14.0 or later, which fixes the issue.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de consumo descontrolado de recursos en Apache Commons IO. La clase org.apache.commons.io.input.XmlStreamReader puede consumir recursos de CPU en exceso al procesar una entrada manipulada con fines malintencionados. Este problema afecta a Apache Commons IO: desde la versi\\u00f3n 2.0 hasta la 2.14.0. Se recomienda a los usuarios que actualicen a la versi\\u00f3n 2.14.0 o posterior, que soluciona el problema.\"}]", id: "CVE-2024-47554", lastModified: "2024-12-04T15:15:11.940", metrics: "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}", published: "2024-10-03T12:15:02.613", references: "[{\"url\": \"https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1\", \"source\": \"security@apache.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/10/03/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", sourceIdentifier: "security@apache.org", vulnStatus: "Awaiting Analysis", weaknesses: "[{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2024-47554\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-10-03T12:15:02.613\",\"lastModified\":\"2025-01-31T15:15:13.520\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Uncontrolled Resource Consumption vulnerability in Apache Commons IO.\\n\\nThe org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.\\n\\n\\nThis issue affects Apache Commons IO: from 2.0 before 2.14.0.\\n\\nUsers are recommended to upgrade to version 2.14.0 or later, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de consumo descontrolado de recursos en Apache Commons IO. La clase org.apache.commons.io.input.XmlStreamReader puede consumir recursos de CPU en exceso al procesar una entrada manipulada con fines malintencionados. Este problema afecta a Apache Commons IO: desde la versión 2.0 hasta la 2.14.0. Se recomienda a los usuarios que actualicen a la versión 2.14.0 o posterior, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/10/03/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250131-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2024/10/03/2\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20250131-0010/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-01-31T15:02:47.229Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47554\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-03T13:00:56.326970Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-03T13:00:59.433Z\"}}], \"cna\": {\"title\": \"Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"tool\", \"value\": \"CodeQL\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Commons IO\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0\", \"lessThan\": \"2.14.0\", \"versionType\": \"semver\"}], \"packageName\": \"commons-io:commons-io\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Uncontrolled Resource Consumption vulnerability in Apache Commons IO.\\n\\nThe org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.\\n\\n\\nThis issue affects Apache Commons IO: from 2.0 before 2.14.0.\\n\\nUsers are recommended to upgrade to version 2.14.0 or later, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"<p>Uncontrolled Resource Consumption vulnerability in Apache Commons IO.</p><p>The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.<br></p><p>This issue affects Apache Commons IO: from 2.0 before 2.14.0.</p><p>Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.</p>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-10-03T11:32:48.936Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-47554\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-31T15:02:47.229Z\", \"dateReserved\": \"2024-09-26T16:12:46.116Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-10-03T11:32:48.936Z\", \"assignerShortName\": \"apache\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
RHSA-2024:9571
Vulnerability from csaf_redhat
Published
2024-11-13 16:21
Modified
2025-03-28 11:01
Summary
Red Hat Security Advisory: Streams for Apache Kafka 2.8.0 release and security update
Notes
Topic
Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed
backbone that allows microservices and other applications to share data with
extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 2.8.0 serves as a replacement for Red Hat
AMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* Zookeeper, Kafka, Cruise Control: org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2]
"(CVE-2024-8184)"
* Zookeeper, Kafka : org.eclipse.jetty/jetty-servlets: Jetty DOS vulnerability on DosFilter [amq-st-2] "(CVE-2024-9823)"
* Zookeeper, Kafka, Drain Cleaner, Cruise Control: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader "(CVE-2024-47554)"
* Kafka: (com.google.protobuf:protobuf-java@3.23.4). Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users "(CVE-2024-7254)"
"Drain Cleaner: Awaiting Analysis(CVE-2024-29025)"
* Kroxylicoius: When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. "(CVE-2024-8285)"
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed\nbackbone that allows microservices and other applications to share data with\nextremely high throughput and extremely low latency.\n\nThis release of Red Hat AMQ Streams 2.8.0 serves as a replacement for Red Hat\nAMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n* Zookeeper, Kafka, Cruise Control: org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] \n\"(CVE-2024-8184)\"\n\n* Zookeeper, Kafka : org.eclipse.jetty/jetty-servlets: Jetty DOS vulnerability on DosFilter [amq-st-2] \"(CVE-2024-9823)\"\n\n* Zookeeper, Kafka, Drain Cleaner, Cruise Control: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader \"(CVE-2024-47554)\"\n\n* Kafka: (com.google.protobuf:protobuf-java@3.23.4). Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users \"(CVE-2024-7254)\"\n\n\"Drain Cleaner: Awaiting Analysis(CVE-2024-29025)\"\n\n* Kroxylicoius: When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. \"(CVE-2024-8285)\"", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:9571", url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2272907", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272907", }, { category: "external", summary: "2308606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308606", }, { category: "external", summary: "2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "2316271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "2318565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318565", }, { category: "external", summary: "ASUI-91", url: "https://issues.redhat.com/browse/ASUI-91", }, { category: "external", summary: "ENTMQST-2632", url: "https://issues.redhat.com/browse/ENTMQST-2632", }, { category: "external", summary: "ENTMQST-3288", url: "https://issues.redhat.com/browse/ENTMQST-3288", }, { category: "external", summary: "ENTMQST-4019", url: "https://issues.redhat.com/browse/ENTMQST-4019", }, { category: "external", summary: "ENTMQST-5199", url: "https://issues.redhat.com/browse/ENTMQST-5199", }, { category: "external", summary: "ENTMQST-5669", url: "https://issues.redhat.com/browse/ENTMQST-5669", }, { category: "external", summary: "ENTMQST-5674", url: "https://issues.redhat.com/browse/ENTMQST-5674", }, { category: "external", summary: "ENTMQST-5740", url: "https://issues.redhat.com/browse/ENTMQST-5740", }, { category: "external", summary: "ENTMQST-5789", url: "https://issues.redhat.com/browse/ENTMQST-5789", }, { category: "external", summary: "ENTMQST-5843", url: "https://issues.redhat.com/browse/ENTMQST-5843", }, { category: "external", summary: "ENTMQST-5850", url: "https://issues.redhat.com/browse/ENTMQST-5850", }, { category: "external", summary: "ENTMQST-5863", url: "https://issues.redhat.com/browse/ENTMQST-5863", }, { category: "external", summary: "ENTMQST-5865", url: "https://issues.redhat.com/browse/ENTMQST-5865", }, { category: "external", summary: "ENTMQST-5915", url: "https://issues.redhat.com/browse/ENTMQST-5915", }, { category: "external", summary: "ENTMQST-6028", url: "https://issues.redhat.com/browse/ENTMQST-6028", }, { category: "external", summary: "ENTMQST-6032", url: "https://issues.redhat.com/browse/ENTMQST-6032", }, { category: "external", summary: "ENTMQST-6129", url: "https://issues.redhat.com/browse/ENTMQST-6129", }, { category: "external", summary: "ENTMQST-6183", url: "https://issues.redhat.com/browse/ENTMQST-6183", }, { category: "external", summary: "ENTMQST-6205", url: "https://issues.redhat.com/browse/ENTMQST-6205", }, { category: "external", summary: "ENTMQST-6225", url: "https://issues.redhat.com/browse/ENTMQST-6225", }, { category: "external", summary: "ENTMQST-6341", url: "https://issues.redhat.com/browse/ENTMQST-6341", }, { category: "external", summary: "ENTMQST-6421", url: "https://issues.redhat.com/browse/ENTMQST-6421", }, { category: "external", summary: "ENTMQST-6422", url: "https://issues.redhat.com/browse/ENTMQST-6422", }, { category: "external", summary: "ENTMQSTPR-43", url: "https://issues.redhat.com/browse/ENTMQSTPR-43", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9571.json", }, ], title: "Red Hat Security Advisory: Streams for Apache Kafka 2.8.0 release and security update", tracking: { current_release_date: "2025-03-28T11:01:17+00:00", generator: { date: "2025-03-28T11:01:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:9571", initial_release_date: "2024-11-13T16:21:03+00:00", revision_history: [ { date: "2024-11-13T16:21:03+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-13T16:21:03+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-28T11:01:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Streams for Apache Kafka 2.8.0", product: { name: "Streams for Apache Kafka 2.8.0", product_id: "Streams for Apache Kafka 2.8.0", product_identification_helper: { cpe: "cpe:/a:redhat:amq_streams:2", }, }, }, ], category: "product_family", name: "Streams for Apache Kafka", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-8184", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:01.239238+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318564", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty's ThreadLimitHandler.getRemote(). This flaw allows unauthorized users to cause remote denial of service (DoS) attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as moderate rather than important because it requires specific conditions to be met, including continuous, crafted requests that deliberately target memory allocation to exhaust resources. While it can cause a denial of service, it does not lead to direct compromise of sensitive data, unauthorized access, or code execution.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8184", }, { category: "external", summary: "RHBZ#2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8184", url: "https://www.cve.org/CVERecord?id=CVE-2024-8184", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", }, { category: "external", summary: "https://github.com/jetty/jetty.project/pull/11723", url: "https://github.com/jetty/jetty.project/pull/11723", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", }, ], release_date: "2024-10-14T15:09:37.861000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", }, { cve: "CVE-2024-8285", cwe: { id: "CWE-297", name: "Improper Validation of Certificate with Host Mismatch", }, discovery_date: "2024-08-29T22:39:10.882000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2308606", }, ], notes: [ { category: "description", text: "A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. This issue is considered a high complexity attack, with additional high privileges required, as the attack would need access to the Kroxylicious configuration or a peer system. The result of a successful attack impacts both data integrity and confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "kroxylicious: Missing upstream Kafka TLS hostname verification", title: "Vulnerability summary", }, { category: "other", text: "Red Hat have considered this vulnerability as a 'Moderate' severity given the complexity and the permission level required to perform a successful attacker.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8285", }, { category: "external", summary: "RHBZ#2308606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308606", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8285", url: "https://www.cve.org/CVERecord?id=CVE-2024-8285", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8285", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8285", }, ], release_date: "2024-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kroxylicious: Missing upstream Kafka TLS hostname verification", }, { cve: "CVE-2024-9823", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:06.545771+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318565", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty. The DosFilter can be exploited remotely by unauthorized users to trigger an out-of-memory condition by repeatedly sending specially crafted requests. This issue may cause a crash, leading to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-9823", }, { category: "external", summary: "RHBZ#2318565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318565", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-9823", url: "https://www.cve.org/CVERecord?id=CVE-2024-9823", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-9823", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-9823", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/1256", url: "https://github.com/jetty/jetty.project/issues/1256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/39", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/39", }, ], release_date: "2024-10-14T15:03:02.293000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-04-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2272907", }, ], notes: [ { category: "description", text: "A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec-http: Allocation of Resources Without Limits or Throttling", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29025", }, { category: "external", summary: "RHBZ#2272907", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272907", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29025", url: "https://www.cve.org/CVERecord?id=CVE-2024-29025", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", }, { category: "external", summary: "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", url: "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", }, { category: "external", summary: "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", url: "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", url: "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812", url: "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec-http: Allocation of Resources Without Limits or Throttling", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-03T12:00:40.921058+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316271", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47554", }, { category: "external", summary: "RHBZ#2316271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47554", url: "https://www.cve.org/CVERecord?id=CVE-2024-47554", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", }, { category: "external", summary: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", url: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", }, ], release_date: "2024-10-03T11:32:48.936000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader", }, ], }
rhsa-2024:9571
Vulnerability from csaf_redhat
Published
2024-11-13 16:21
Modified
2025-03-28 11:01
Summary
Red Hat Security Advisory: Streams for Apache Kafka 2.8.0 release and security update
Notes
Topic
Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed
backbone that allows microservices and other applications to share data with
extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 2.8.0 serves as a replacement for Red Hat
AMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* Zookeeper, Kafka, Cruise Control: org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2]
"(CVE-2024-8184)"
* Zookeeper, Kafka : org.eclipse.jetty/jetty-servlets: Jetty DOS vulnerability on DosFilter [amq-st-2] "(CVE-2024-9823)"
* Zookeeper, Kafka, Drain Cleaner, Cruise Control: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader "(CVE-2024-47554)"
* Kafka: (com.google.protobuf:protobuf-java@3.23.4). Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users "(CVE-2024-7254)"
"Drain Cleaner: Awaiting Analysis(CVE-2024-29025)"
* Kroxylicoius: When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. "(CVE-2024-8285)"
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed\nbackbone that allows microservices and other applications to share data with\nextremely high throughput and extremely low latency.\n\nThis release of Red Hat AMQ Streams 2.8.0 serves as a replacement for Red Hat\nAMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n* Zookeeper, Kafka, Cruise Control: org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] \n\"(CVE-2024-8184)\"\n\n* Zookeeper, Kafka : org.eclipse.jetty/jetty-servlets: Jetty DOS vulnerability on DosFilter [amq-st-2] \"(CVE-2024-9823)\"\n\n* Zookeeper, Kafka, Drain Cleaner, Cruise Control: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader \"(CVE-2024-47554)\"\n\n* Kafka: (com.google.protobuf:protobuf-java@3.23.4). Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users \"(CVE-2024-7254)\"\n\n\"Drain Cleaner: Awaiting Analysis(CVE-2024-29025)\"\n\n* Kroxylicoius: When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. \"(CVE-2024-8285)\"", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:9571", url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2272907", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272907", }, { category: "external", summary: "2308606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308606", }, { category: "external", summary: "2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "2316271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "2318565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318565", }, { category: "external", summary: "ASUI-91", url: "https://issues.redhat.com/browse/ASUI-91", }, { category: "external", summary: "ENTMQST-2632", url: "https://issues.redhat.com/browse/ENTMQST-2632", }, { category: "external", summary: "ENTMQST-3288", url: "https://issues.redhat.com/browse/ENTMQST-3288", }, { category: "external", summary: "ENTMQST-4019", url: "https://issues.redhat.com/browse/ENTMQST-4019", }, { category: "external", summary: "ENTMQST-5199", url: "https://issues.redhat.com/browse/ENTMQST-5199", }, { category: "external", summary: "ENTMQST-5669", url: "https://issues.redhat.com/browse/ENTMQST-5669", }, { category: "external", summary: "ENTMQST-5674", url: "https://issues.redhat.com/browse/ENTMQST-5674", }, { category: "external", summary: "ENTMQST-5740", url: "https://issues.redhat.com/browse/ENTMQST-5740", }, { category: "external", summary: "ENTMQST-5789", url: "https://issues.redhat.com/browse/ENTMQST-5789", }, { category: "external", summary: "ENTMQST-5843", url: "https://issues.redhat.com/browse/ENTMQST-5843", }, { category: "external", summary: "ENTMQST-5850", url: "https://issues.redhat.com/browse/ENTMQST-5850", }, { category: "external", summary: "ENTMQST-5863", url: "https://issues.redhat.com/browse/ENTMQST-5863", }, { category: "external", summary: "ENTMQST-5865", url: "https://issues.redhat.com/browse/ENTMQST-5865", }, { category: "external", summary: "ENTMQST-5915", url: "https://issues.redhat.com/browse/ENTMQST-5915", }, { category: "external", summary: "ENTMQST-6028", url: "https://issues.redhat.com/browse/ENTMQST-6028", }, { category: "external", summary: "ENTMQST-6032", url: "https://issues.redhat.com/browse/ENTMQST-6032", }, { category: "external", summary: "ENTMQST-6129", url: "https://issues.redhat.com/browse/ENTMQST-6129", }, { category: "external", summary: "ENTMQST-6183", url: "https://issues.redhat.com/browse/ENTMQST-6183", }, { category: "external", summary: "ENTMQST-6205", url: "https://issues.redhat.com/browse/ENTMQST-6205", }, { category: "external", summary: "ENTMQST-6225", url: "https://issues.redhat.com/browse/ENTMQST-6225", }, { category: "external", summary: "ENTMQST-6341", url: "https://issues.redhat.com/browse/ENTMQST-6341", }, { category: "external", summary: "ENTMQST-6421", url: "https://issues.redhat.com/browse/ENTMQST-6421", }, { category: "external", summary: "ENTMQST-6422", url: "https://issues.redhat.com/browse/ENTMQST-6422", }, { category: "external", summary: "ENTMQSTPR-43", url: "https://issues.redhat.com/browse/ENTMQSTPR-43", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9571.json", }, ], title: "Red Hat Security Advisory: Streams for Apache Kafka 2.8.0 release and security update", tracking: { current_release_date: "2025-03-28T11:01:17+00:00", generator: { date: "2025-03-28T11:01:17+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2024:9571", initial_release_date: "2024-11-13T16:21:03+00:00", revision_history: [ { date: "2024-11-13T16:21:03+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-13T16:21:03+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-28T11:01:17+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Streams for Apache Kafka 2.8.0", product: { name: "Streams for Apache Kafka 2.8.0", product_id: "Streams for Apache Kafka 2.8.0", product_identification_helper: { cpe: "cpe:/a:redhat:amq_streams:2", }, }, }, ], category: "product_family", name: "Streams for Apache Kafka", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-8184", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:01.239238+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318564", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty's ThreadLimitHandler.getRemote(). This flaw allows unauthorized users to cause remote denial of service (DoS) attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as moderate rather than important because it requires specific conditions to be met, including continuous, crafted requests that deliberately target memory allocation to exhaust resources. While it can cause a denial of service, it does not lead to direct compromise of sensitive data, unauthorized access, or code execution.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8184", }, { category: "external", summary: "RHBZ#2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8184", url: "https://www.cve.org/CVERecord?id=CVE-2024-8184", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", }, { category: "external", summary: "https://github.com/jetty/jetty.project/pull/11723", url: "https://github.com/jetty/jetty.project/pull/11723", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", }, ], release_date: "2024-10-14T15:09:37.861000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", }, { cve: "CVE-2024-8285", cwe: { id: "CWE-297", name: "Improper Validation of Certificate with Host Mismatch", }, discovery_date: "2024-08-29T22:39:10.882000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2308606", }, ], notes: [ { category: "description", text: "A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. This issue is considered a high complexity attack, with additional high privileges required, as the attack would need access to the Kroxylicious configuration or a peer system. The result of a successful attack impacts both data integrity and confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "kroxylicious: Missing upstream Kafka TLS hostname verification", title: "Vulnerability summary", }, { category: "other", text: "Red Hat have considered this vulnerability as a 'Moderate' severity given the complexity and the permission level required to perform a successful attacker.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8285", }, { category: "external", summary: "RHBZ#2308606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308606", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8285", url: "https://www.cve.org/CVERecord?id=CVE-2024-8285", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8285", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8285", }, ], release_date: "2024-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kroxylicious: Missing upstream Kafka TLS hostname verification", }, { cve: "CVE-2024-9823", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:06.545771+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318565", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty. The DosFilter can be exploited remotely by unauthorized users to trigger an out-of-memory condition by repeatedly sending specially crafted requests. This issue may cause a crash, leading to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-9823", }, { category: "external", summary: "RHBZ#2318565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318565", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-9823", url: "https://www.cve.org/CVERecord?id=CVE-2024-9823", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-9823", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-9823", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/1256", url: "https://github.com/jetty/jetty.project/issues/1256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/39", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/39", }, ], release_date: "2024-10-14T15:03:02.293000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-04-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2272907", }, ], notes: [ { category: "description", text: "A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec-http: Allocation of Resources Without Limits or Throttling", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29025", }, { category: "external", summary: "RHBZ#2272907", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272907", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29025", url: "https://www.cve.org/CVERecord?id=CVE-2024-29025", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", }, { category: "external", summary: "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", url: "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", }, { category: "external", summary: "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", url: "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", url: "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812", url: "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec-http: Allocation of Resources Without Limits or Throttling", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-03T12:00:40.921058+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316271", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47554", }, { category: "external", summary: "RHBZ#2316271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47554", url: "https://www.cve.org/CVERecord?id=CVE-2024-47554", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", }, { category: "external", summary: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", url: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", }, ], release_date: "2024-10-03T11:32:48.936000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader", }, ], }
rhsa-2024_9571
Vulnerability from csaf_redhat
Published
2024-11-13 16:21
Modified
2024-12-17 08:38
Summary
Red Hat Security Advisory: Streams for Apache Kafka 2.8.0 release and security update
Notes
Topic
Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed
backbone that allows microservices and other applications to share data with
extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 2.8.0 serves as a replacement for Red Hat
AMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* Zookeeper, Kafka, Cruise Control: org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2]
"(CVE-2024-8184)"
* Zookeeper, Kafka : org.eclipse.jetty/jetty-servlets: Jetty DOS vulnerability on DosFilter [amq-st-2] "(CVE-2024-9823)"
* Zookeeper, Kafka, Drain Cleaner, Cruise Control: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader "(CVE-2024-47554)"
* Kafka: (com.google.protobuf:protobuf-java@3.23.4). Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users "(CVE-2024-7254)"
"Drain Cleaner: Awaiting Analysis(CVE-2024-29025)"
* Kroxylicoius: When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. "(CVE-2024-8285)"
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed\nbackbone that allows microservices and other applications to share data with\nextremely high throughput and extremely low latency.\n\nThis release of Red Hat AMQ Streams 2.8.0 serves as a replacement for Red Hat\nAMQ Streams 2.7.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n* Zookeeper, Kafka, Cruise Control: org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] \n\"(CVE-2024-8184)\"\n\n* Zookeeper, Kafka : org.eclipse.jetty/jetty-servlets: Jetty DOS vulnerability on DosFilter [amq-st-2] \"(CVE-2024-9823)\"\n\n* Zookeeper, Kafka, Drain Cleaner, Cruise Control: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader \"(CVE-2024-47554)\"\n\n* Kafka: (com.google.protobuf:protobuf-java@3.23.4). Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users \"(CVE-2024-7254)\"\n\n\"Drain Cleaner: Awaiting Analysis(CVE-2024-29025)\"\n\n* Kroxylicoius: When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. \"(CVE-2024-8285)\"", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:9571", url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2272907", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272907", }, { category: "external", summary: "2308606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308606", }, { category: "external", summary: "2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "2316271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "2318565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318565", }, { category: "external", summary: "ASUI-91", url: "https://issues.redhat.com/browse/ASUI-91", }, { category: "external", summary: "ENTMQST-2632", url: "https://issues.redhat.com/browse/ENTMQST-2632", }, { category: "external", summary: "ENTMQST-3288", url: "https://issues.redhat.com/browse/ENTMQST-3288", }, { category: "external", summary: "ENTMQST-4019", url: "https://issues.redhat.com/browse/ENTMQST-4019", }, { category: "external", summary: "ENTMQST-5199", url: "https://issues.redhat.com/browse/ENTMQST-5199", }, { category: "external", summary: "ENTMQST-5669", url: "https://issues.redhat.com/browse/ENTMQST-5669", }, { category: "external", summary: "ENTMQST-5674", url: "https://issues.redhat.com/browse/ENTMQST-5674", }, { category: "external", summary: "ENTMQST-5740", url: "https://issues.redhat.com/browse/ENTMQST-5740", }, { category: "external", summary: "ENTMQST-5789", url: "https://issues.redhat.com/browse/ENTMQST-5789", }, { category: "external", summary: "ENTMQST-5843", url: "https://issues.redhat.com/browse/ENTMQST-5843", }, { category: "external", summary: "ENTMQST-5850", url: "https://issues.redhat.com/browse/ENTMQST-5850", }, { category: "external", summary: "ENTMQST-5863", url: "https://issues.redhat.com/browse/ENTMQST-5863", }, { category: "external", summary: "ENTMQST-5865", url: "https://issues.redhat.com/browse/ENTMQST-5865", }, { category: "external", summary: "ENTMQST-5915", url: "https://issues.redhat.com/browse/ENTMQST-5915", }, { category: "external", summary: "ENTMQST-6028", url: "https://issues.redhat.com/browse/ENTMQST-6028", }, { category: "external", summary: "ENTMQST-6032", url: "https://issues.redhat.com/browse/ENTMQST-6032", }, { category: "external", summary: "ENTMQST-6129", url: "https://issues.redhat.com/browse/ENTMQST-6129", }, { category: "external", summary: "ENTMQST-6183", url: "https://issues.redhat.com/browse/ENTMQST-6183", }, { category: "external", summary: "ENTMQST-6205", url: "https://issues.redhat.com/browse/ENTMQST-6205", }, { category: "external", summary: "ENTMQST-6225", url: "https://issues.redhat.com/browse/ENTMQST-6225", }, { category: "external", summary: "ENTMQST-6341", url: "https://issues.redhat.com/browse/ENTMQST-6341", }, { category: "external", summary: "ENTMQST-6421", url: "https://issues.redhat.com/browse/ENTMQST-6421", }, { category: "external", summary: "ENTMQST-6422", url: "https://issues.redhat.com/browse/ENTMQST-6422", }, { category: "external", summary: "ENTMQSTPR-43", url: "https://issues.redhat.com/browse/ENTMQSTPR-43", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9571.json", }, ], title: "Red Hat Security Advisory: Streams for Apache Kafka 2.8.0 release and security update", tracking: { current_release_date: "2024-12-17T08:38:18+00:00", generator: { date: "2024-12-17T08:38:18+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2024:9571", initial_release_date: "2024-11-13T16:21:03+00:00", revision_history: [ { date: "2024-11-13T16:21:03+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-13T16:21:03+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-17T08:38:18+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Streams for Apache Kafka 2.8.0", product: { name: "Streams for Apache Kafka 2.8.0", product_id: "Streams for Apache Kafka 2.8.0", product_identification_helper: { cpe: "cpe:/a:redhat:amq_streams:2", }, }, }, ], category: "product_family", name: "Streams for Apache Kafka", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-09-19T01:20:29.981665+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2313454", }, ], notes: [ { category: "description", text: "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.", title: "Vulnerability description", }, { category: "summary", text: "protobuf: StackOverflow vulnerability in Protocol Buffers", title: "Vulnerability summary", }, { category: "other", text: "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-7254", }, { category: "external", summary: "RHBZ#2313454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2313454", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-7254", url: "https://www.cve.org/CVERecord?id=CVE-2024-7254", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-7254", }, { category: "external", summary: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], release_date: "2024-09-19T01:15:10.963000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "protobuf: StackOverflow vulnerability in Protocol Buffers", }, { cve: "CVE-2024-8184", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:01.239238+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318564", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty's ThreadLimitHandler.getRemote(). This flaw allows unauthorized users to cause remote denial of service (DoS) attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as moderate rather than important because it requires specific conditions to be met, including continuous, crafted requests that deliberately target memory allocation to exhaust resources. While it can cause a denial of service, it does not lead to direct compromise of sensitive data, unauthorized access, or code execution.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8184", }, { category: "external", summary: "RHBZ#2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8184", url: "https://www.cve.org/CVERecord?id=CVE-2024-8184", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", }, { category: "external", summary: "https://github.com/jetty/jetty.project/pull/11723", url: "https://github.com/jetty/jetty.project/pull/11723", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", }, ], release_date: "2024-10-14T15:09:37.861000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", }, { cve: "CVE-2024-8285", cwe: { id: "CWE-297", name: "Improper Validation of Certificate with Host Mismatch", }, discovery_date: "2024-08-29T22:39:10.882000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2308606", }, ], notes: [ { category: "description", text: "A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. This issue is considered a high complexity attack, with additional high privileges required, as the attack would need access to the Kroxylicious configuration or a peer system. The result of a successful attack impacts both data integrity and confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "kroxylicious: Missing upstream Kafka TLS hostname verification", title: "Vulnerability summary", }, { category: "other", text: "Red Hat have considered this vulnerability as a 'Moderate' severity given the complexity and the permission level required to perform a successful attacker.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8285", }, { category: "external", summary: "RHBZ#2308606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2308606", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8285", url: "https://www.cve.org/CVERecord?id=CVE-2024-8285", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8285", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8285", }, ], release_date: "2024-08-27T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kroxylicious: Missing upstream Kafka TLS hostname verification", }, { cve: "CVE-2024-9823", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:06.545771+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318565", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty. The DosFilter can be exploited remotely by unauthorized users to trigger an out-of-memory condition by repeatedly sending specially crafted requests. This issue may cause a crash, leading to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-9823", }, { category: "external", summary: "RHBZ#2318565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318565", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-9823", url: "https://www.cve.org/CVERecord?id=CVE-2024-9823", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-9823", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-9823", }, { category: "external", summary: "https://github.com/jetty/jetty.project/issues/1256", url: "https://github.com/jetty/jetty.project/issues/1256", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/39", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/39", }, ], release_date: "2024-10-14T15:03:02.293000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-04-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2272907", }, ], notes: [ { category: "description", text: "A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.", title: "Vulnerability description", }, { category: "summary", text: "netty-codec-http: Allocation of Resources Without Limits or Throttling", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-29025", }, { category: "external", summary: "RHBZ#2272907", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2272907", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-29025", url: "https://www.cve.org/CVERecord?id=CVE-2024-29025", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", }, { category: "external", summary: "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", url: "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", }, { category: "external", summary: "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", url: "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", url: "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812", url: "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812", }, ], release_date: "2024-03-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.8.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty-codec-http: Allocation of Resources Without Limits or Throttling", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-03T12:00:40.921058+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316271", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.8.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47554", }, { category: "external", summary: "RHBZ#2316271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47554", url: "https://www.cve.org/CVERecord?id=CVE-2024-47554", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", }, { category: "external", summary: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", url: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", }, ], release_date: "2024-10-03T11:32:48.936000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-13T16:21:03+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.8.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:9571", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.8.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader", }, ], }
rhsa-2025:2416
Vulnerability from csaf_redhat
Published
2025-03-05 20:59
Modified
2025-03-27 22:30
Summary
Red Hat Security Advisory: Streams for Apache Kafka 2.9.0 release and security update
Notes
Topic
Streams for Apache Kafka 2.9.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed
backbone that allows microservices and other applications to share data with
extremely high throughput and extremely low latency.
This release of Red Hat Streams for Apache Kafka 2.9.0 serves as a replacement for Red Hat Streams for Apache Kafka 2.8.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
* Cruise Control:cio.netty:netty-common:4.1.115.Final-redhat [amq-st-2] "(CVE-2023-52428)"
* Cruise Control:com.nimbusds:nimbus-jose-jwt:9.37.2.redhat [amq-st-2] "(CVE-2024-47535)"
* Cruise Control:org.apache.kafka:kafka-clients:3.5.2.redhat+ [amq-st-2] "(CVE-2024-31141)"
* Cruise Control:io:commons-io:2.15.1.redhat+ [amq-st-2] "(CVE-2024-47554)"
* Cruise Control:org.eclipse.jetty:jetty-server:9.4.56.v20240826-redhat+ [amq-st-2] "(CVE-2024-8184)"
* Cruise Control:org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] "(CVE-2024-8184)"
* Kafka Exporter:golang-github-danielqsj-kafka_exporter: Golang FIPS zeroed buffer [amq-st-2] "(CVE-2024-9355)"
* Kafka Exporter:golang-github-danielqsj-kafka_exporter: net/http: Denial of service due to improper 100-continue handling in net/http [amq-st-2] "(CVE-2024-24791)"
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Streams for Apache Kafka 2.9.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed\nbackbone that allows microservices and other applications to share data with\nextremely high throughput and extremely low latency.\n\nThis release of Red Hat Streams for Apache Kafka 2.9.0 serves as a replacement for Red Hat Streams for Apache Kafka 2.8.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n* Cruise Control:cio.netty:netty-common:4.1.115.Final-redhat [amq-st-2] \"(CVE-2023-52428)\"\n\n* Cruise Control:com.nimbusds:nimbus-jose-jwt:9.37.2.redhat [amq-st-2] \"(CVE-2024-47535)\"\n\n* Cruise Control:org.apache.kafka:kafka-clients:3.5.2.redhat+ [amq-st-2] \"(CVE-2024-31141)\"\n\n* Cruise Control:io:commons-io:2.15.1.redhat+ [amq-st-2] \"(CVE-2024-47554)\"\n\n* Cruise Control:org.eclipse.jetty:jetty-server:9.4.56.v20240826-redhat+ [amq-st-2] \"(CVE-2024-8184)\"\n\n* Cruise Control:org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] \"(CVE-2024-8184)\"\n\n* Kafka Exporter:golang-github-danielqsj-kafka_exporter: Golang FIPS zeroed buffer [amq-st-2] \"(CVE-2024-9355)\"\n\n* Kafka Exporter:golang-github-danielqsj-kafka_exporter: net/http: Denial of service due to improper 100-continue handling in net/http [amq-st-2] \"(CVE-2024-24791)\"", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2025:2416", url: "https://access.redhat.com/errata/RHSA-2025:2416", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2295310", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", }, { category: "external", summary: "2309764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309764", }, { category: "external", summary: "2315719", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", }, { category: "external", summary: "2316271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "2325538", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2325538", }, { category: "external", summary: "2327264", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2327264", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_2416.json", }, ], title: "Red Hat Security Advisory: Streams for Apache Kafka 2.9.0 release and security update", tracking: { current_release_date: "2025-03-27T22:30:03+00:00", generator: { date: "2025-03-27T22:30:03+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2025:2416", initial_release_date: "2025-03-05T20:59:06+00:00", revision_history: [ { date: "2025-03-05T20:59:06+00:00", number: "1", summary: "Initial version", }, { date: "2025-03-05T20:59:06+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-27T22:30:03+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Streams for Apache Kafka 2.9.0", product: { name: "Streams for Apache Kafka 2.9.0", product_id: "Streams for Apache Kafka 2.9.0", product_identification_helper: { cpe: "cpe:/a:redhat:amq_streams:2", }, }, }, ], category: "product_family", name: "Streams for Apache Kafka", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-09-04T17:02:58.468000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2309764", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Nimbus Jose JWT package. This issue could allow an attacker to use a malicious large JWE p2c header value for PasswordBasedDecrypter and cause a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.9.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-52428", }, { category: "external", summary: "RHBZ#2309764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2309764", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-52428", url: "https://www.cve.org/CVERecord?id=CVE-2023-52428", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52428", }, ], release_date: "2024-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-03-05T20:59:06+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.9.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:2416", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.9.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", }, { cve: "CVE-2024-8184", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-14T16:01:01.239238+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2318564", }, ], notes: [ { category: "description", text: "A flaw was found in Jetty's ThreadLimitHandler.getRemote(). This flaw allows unauthorized users to cause remote denial of service (DoS) attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.", title: "Vulnerability description", }, { category: "summary", text: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as moderate rather than important because it requires specific conditions to be met, including continuous, crafted requests that deliberately target memory allocation to exhaust resources. While it can cause a denial of service, it does not lead to direct compromise of sensitive data, unauthorized access, or code execution.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.9.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-8184", }, { category: "external", summary: "RHBZ#2318564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2318564", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-8184", url: "https://www.cve.org/CVERecord?id=CVE-2024-8184", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-8184", }, { category: "external", summary: "https://github.com/jetty/jetty.project/pull/11723", url: "https://github.com/jetty/jetty.project/pull/11723", }, { category: "external", summary: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", url: "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", }, { category: "external", summary: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", url: "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", }, ], release_date: "2024-10-14T15:09:37.861000+00:00", remediations: [ { category: "vendor_fix", date: "2025-03-05T20:59:06+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.9.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:2416", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.9.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.9.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks", }, { acknowledgments: [ { names: [ "David Benoit", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2024-9355", cwe: { id: "CWE-457", name: "Use of Uninitialized Variable", }, discovery_date: "2024-09-30T17:51:17.811000+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2315719", }, ], notes: [ { category: "description", text: "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.", title: "Vulnerability description", }, { category: "summary", text: "golang-fips: Golang FIPS zeroed buffer", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.9.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-9355", }, { category: "external", summary: "RHBZ#2315719", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-9355", url: "https://www.cve.org/CVERecord?id=CVE-2024-9355", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-9355", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-9355", }, ], release_date: "2024-09-30T20:53:42.833000+00:00", remediations: [ { category: "vendor_fix", date: "2025-03-05T20:59:06+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.9.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:2416", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.9.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.9.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang-fips: Golang FIPS zeroed buffer", }, { cve: "CVE-2024-24791", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2024-07-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2295310", }, ], notes: [ { category: "description", text: "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "net/http: Denial of service due to improper 100-continue handling in net/http", title: "Vulnerability summary", }, { category: "other", text: "An attacker would need to control a malicious server and induce a client to connect to it, requiring some amount of preparation outside of the attacker's control. This reduces the severity score of this flaw to Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.9.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-24791", }, { category: "external", summary: "RHBZ#2295310", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-24791", url: "https://www.cve.org/CVERecord?id=CVE-2024-24791", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", }, { category: "external", summary: "https://go.dev/cl/591255", url: "https://go.dev/cl/591255", }, { category: "external", summary: "https://go.dev/issue/67555", url: "https://go.dev/issue/67555", }, { category: "external", summary: "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", url: "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", }, ], release_date: "2024-07-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-03-05T20:59:06+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.9.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:2416", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Streams for Apache Kafka 2.9.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.9.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "net/http: Denial of service due to improper 100-continue handling in net/http", }, { cve: "CVE-2024-31141", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, discovery_date: "2024-11-19T09:00:35.857468+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2327264", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations, which include the ability to read from disk or environment variables. In applications where an untrusted party can specify Apache Kafka Clients configurations, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables.", title: "Vulnerability description", }, { category: "summary", text: "kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.9.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-31141", }, { category: "external", summary: "RHBZ#2327264", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2327264", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-31141", url: "https://www.cve.org/CVERecord?id=CVE-2024-31141", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-31141", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-31141", }, { category: "external", summary: "https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv", url: "https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv", }, ], release_date: "2024-11-19T08:40:50.695000+00:00", remediations: [ { category: "vendor_fix", date: "2025-03-05T20:59:06+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.9.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:2416", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Streams for Apache Kafka 2.9.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider", }, { cve: "CVE-2024-47535", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-11-12T16:01:18.772613+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2325538", }, ], notes: [ { category: "description", text: "A flaw was found in Netty. An unsafe reading of the environment file could potentially cause a denial of service. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates a large file, the Netty application crashes.", title: "Vulnerability description", }, { category: "summary", text: "netty: Denial of Service attack on windows app using Netty", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.9.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47535", }, { category: "external", summary: "RHBZ#2325538", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2325538", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47535", url: "https://www.cve.org/CVERecord?id=CVE-2024-47535", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47535", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47535", }, { category: "external", summary: "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3", url: "https://github.com/netty/netty/commit/fbf7a704a82e7449b48bd0bbb679f5661c6d61a3", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv", url: "https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv", }, ], release_date: "2024-11-12T15:50:08.334000+00:00", remediations: [ { category: "vendor_fix", date: "2025-03-05T20:59:06+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.9.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:2416", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Streams for Apache Kafka 2.9.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty: Denial of Service attack on windows app using Netty", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-03T12:00:40.921058+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2316271", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Streams for Apache Kafka 2.9.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-47554", }, { category: "external", summary: "RHBZ#2316271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-47554", url: "https://www.cve.org/CVERecord?id=CVE-2024-47554", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", }, { category: "external", summary: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", url: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", }, ], release_date: "2024-10-03T11:32:48.936000+00:00", remediations: [ { category: "vendor_fix", date: "2025-03-05T20:59:06+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Streams for Apache Kafka 2.9.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:2416", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Streams for Apache Kafka 2.9.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader", }, ], }
ncsc-2025-0027
Vulnerability from csaf_ncscnl
Published
2025-01-22 13:36
Modified
2025-01-22 13:36
Summary
Kwetsbaarheden verholpen in Oracle Fusion Middleware
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft meerdere kwetsbaarheden verholpen in zijn producten, waaronder Oracle Fusion Middleware, Oracle WebLogic Server, en Oracle HTTP Server.
Interpretaties
De kwetsbaarheden bevinden zich in verschillende Oracle producten, waaronder Oracle WebLogic Server versies 12.2.1.4.0 en 14.1.1.0.0, die het mogelijk maken voor ongeauthenticeerde kwaadwillenden om toegang te krijgen tot kritieke gegevens. Dit kan leiden tot ernstige gevolgen voor de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen. De kwetsbaarheid in Oracle HTTP Server versie 12.2.1.4.0 stelt kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, met een CVSS-score van 5.3, terwijl de kwetsbaarheid in WebLogic Server een CVSS-score van 9.8 heeft, wat wijst op een kritieke impact. Kwaadwillenden kunnen ook gebruik maken van kwetsbaarheden in Oracle Fusion Middleware en andere producten om Denial-of-Service (DoS) aanvallen uit te voeren.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CWE-35
Path Traversal: '.../...//'
CWE-1395
Dependency on Vulnerable Third-Party Component
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-755
Improper Handling of Exceptional Conditions
CWE-732
Incorrect Permission Assignment for Critical Resource
CWE-116
Improper Encoding or Escaping of Output
CWE-190
Integer Overflow or Wraparound
CWE-532
Insertion of Sensitive Information into Log File
CWE-798
Use of Hard-coded Credentials
CWE-125
Out-of-bounds Read
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-295
Improper Certificate Validation
CWE-400
Uncontrolled Resource Consumption
CWE-502
Deserialization of Untrusted Data
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-611
Improper Restriction of XML External Entity Reference
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-20
Improper Input Validation
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft meerdere kwetsbaarheden verholpen in zijn producten, waaronder Oracle Fusion Middleware, Oracle WebLogic Server, en Oracle HTTP Server.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden bevinden zich in verschillende Oracle producten, waaronder Oracle WebLogic Server versies 12.2.1.4.0 en 14.1.1.0.0, die het mogelijk maken voor ongeauthenticeerde kwaadwillenden om toegang te krijgen tot kritieke gegevens. Dit kan leiden tot ernstige gevolgen voor de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen. De kwetsbaarheid in Oracle HTTP Server versie 12.2.1.4.0 stelt kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, met een CVSS-score van 5.3, terwijl de kwetsbaarheid in WebLogic Server een CVSS-score van 9.8 heeft, wat wijst op een kritieke impact. Kwaadwillenden kunnen ook gebruik maken van kwetsbaarheden in Oracle Fusion Middleware en andere producten om Denial-of-Service (DoS) aanvallen uit te voeren.", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", title: "CWE-338", }, { category: "general", text: "Path Traversal: '.../...//'", title: "CWE-35", }, { category: "general", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Incorrect Permission Assignment for Critical Resource", title: "CWE-732", }, { category: "general", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, { category: "general", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujan2025.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Fusion Middleware", tracking: { current_release_date: "2025-01-22T13:36:27.908718Z", id: "NCSC-2025-0027", initial_release_date: "2025-01-22T13:36:27.908718Z", revision_history: [ { date: "2025-01-22T13:36:27.908718Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "http_server", product: { name: "http_server", product_id: "CSAFPID-93909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "http_server", product: { name: "http_server", product_id: "CSAFPID-40303", product_identification_helper: { cpe: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "http_server", product: { name: "http_server", product_id: "CSAFPID-912074", product_identification_helper: { cpe: "cpe:2.3:a:oracle:http_server:14.1.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware_mapviewer", product: { name: "fusion_middleware_mapviewer", product_id: "CSAFPID-226018", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-1646487", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-332789", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:11.1.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-1747074", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.19.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-342815", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-271904", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-503474", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:14.1.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-1674670", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:8.5.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "weblogic_server", product: { name: "weblogic_server", product_id: "CSAFPID-3661", product_identification_helper: { cpe: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "weblogic_server", product: { name: "weblogic_server", product_id: "CSAFPID-3660", product_identification_helper: { cpe: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "weblogic_server", product: { name: "weblogic_server", product_id: "CSAFPID-1973", product_identification_helper: { cpe: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "weblogic_server", product: { name: "weblogic_server", product_id: "CSAFPID-1751293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "security_service", product: { name: "security_service", product_id: "CSAFPID-199820", product_identification_helper: { cpe: "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_activity_monitoring", product: { name: "business_activity_monitoring", product_id: "CSAFPID-228157", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_activity_monitoring__bam_", product: { name: "business_activity_monitoring__bam_", product_id: "CSAFPID-764927", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_activity_monitoring__bam_:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_activity_monitoring__bam_", product: { name: "business_activity_monitoring__bam_", product_id: "CSAFPID-764928", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_activity_monitoring__bam_:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "identity_manager", product: { name: "identity_manager", product_id: "CSAFPID-220164", product_identification_helper: { cpe: "cpe:2.3:a:oracle:identity_manager:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "managed_file_transfer", product: { name: "managed_file_transfer", product_id: "CSAFPID-204581", product_identification_helper: { cpe: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "middleware_common_libraries_and_tools", product: { name: "middleware_common_libraries_and_tools", product_id: "CSAFPID-94398", product_identification_helper: { cpe: "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "middleware_common_libraries_and_tools", product: { name: "middleware_common_libraries_and_tools", product_id: "CSAFPID-94309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "middleware_common_libraries_and_tools", product: { name: "middleware_common_libraries_and_tools", product_id: "CSAFPID-94393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_process_management_suite", product: { name: "business_process_management_suite", product_id: "CSAFPID-9043", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_process_management_suite", product: { name: "business_process_management_suite", product_id: "CSAFPID-9642", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "outside_in_technology", product: { name: "outside_in_technology", product_id: "CSAFPID-1260", product_identification_helper: { cpe: "cpe:2.3:a:oracle:outside_in_technology:8.5.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "outside_in_technology", product: { name: "outside_in_technology", product_id: "CSAFPID-912053", product_identification_helper: { cpe: "cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "webcenter_portal", product: { name: "webcenter_portal", product_id: "CSAFPID-135359", product_identification_helper: { cpe: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "webcenter_portal", product: { name: "webcenter_portal", product_id: "CSAFPID-45194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2019-12415", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, notes: [ { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], product_status: { known_affected: [ "CSAFPID-45194", "CSAFPID-135359", "CSAFPID-1646487", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-204581", "CSAFPID-94309", "CSAFPID-1260", "CSAFPID-3661", "CSAFPID-3660", "CSAFPID-1973", "CSAFPID-94393", "CSAFPID-226018", "CSAFPID-764927", "CSAFPID-764928", "CSAFPID-9043", "CSAFPID-93909", "CSAFPID-94398", ], }, references: [ { category: "self", summary: "CVE-2019-12415", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-12415.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-45194", "CSAFPID-135359", "CSAFPID-1646487", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-204581", "CSAFPID-94309", "CSAFPID-1260", "CSAFPID-3661", "CSAFPID-3660", "CSAFPID-1973", "CSAFPID-94393", "CSAFPID-226018", "CSAFPID-764927", "CSAFPID-764928", "CSAFPID-9043", "CSAFPID-93909", "CSAFPID-94398", ], }, ], title: "CVE-2019-12415", }, { cve: "CVE-2023-7272", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2023-7272", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7272.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2023-7272", }, { cve: "CVE-2023-38709", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, notes: [ { category: "other", text: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", title: "CWE-113", }, { category: "other", text: "Improper Validation of Specified Quantity in Input", title: "CWE-1284", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2023-38709", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38709.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2023-38709", }, { cve: "CVE-2023-39410", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-39410", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39410.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-271904", ], }, ], title: "CVE-2023-39410", }, { cve: "CVE-2023-44483", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, notes: [ { category: "other", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, ], product_status: { known_affected: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-271904", "CSAFPID-94393", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", ], }, references: [ { category: "self", summary: "CVE-2023-44483", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44483.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-9642", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-271904", "CSAFPID-94393", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", ], }, ], title: "CVE-2023-44483", }, { cve: "CVE-2023-49582", cwe: { id: "CWE-732", name: "Incorrect Permission Assignment for Critical Resource", }, notes: [ { category: "other", text: "Incorrect Permission Assignment for Critical Resource", title: "CWE-732", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2023-49582", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49582.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2023-49582", }, { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-94393", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-51775", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-94393", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", "CSAFPID-271904", ], }, ], title: "CVE-2023-51775", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-6119", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "other", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-6119", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6119.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-6119", }, { cve: "CVE-2024-8096", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-8096", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8096.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-8096", }, { cve: "CVE-2024-23635", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-94393", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-23635", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23635.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1260", "CSAFPID-1973", "CSAFPID-3660", "CSAFPID-40303", "CSAFPID-45194", "CSAFPID-94309", "CSAFPID-94393", "CSAFPID-204581", "CSAFPID-220164", "CSAFPID-226018", "CSAFPID-912053", "CSAFPID-912074", "CSAFPID-228157", "CSAFPID-271904", ], }, ], title: "CVE-2024-23635", }, { cve: "CVE-2024-29857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", "CSAFPID-1747074", "CSAFPID-1674670", "CSAFPID-503474", ], }, references: [ { category: "self", summary: "CVE-2024-29857", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", "CSAFPID-1747074", "CSAFPID-1674670", "CSAFPID-503474", ], }, ], title: "CVE-2024-29857", }, { cve: "CVE-2024-30171", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, notes: [ { category: "other", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "other", text: "Observable Discrepancy", title: "CWE-203", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2024-30171", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30171.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2024-30171", }, { cve: "CVE-2024-30172", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2024-30172", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30172.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2024-30172", }, { cve: "CVE-2024-34447", cwe: { id: "CWE-706", name: "Use of Incorrectly-Resolved Name or Reference", }, notes: [ { category: "other", text: "Use of Incorrectly-Resolved Name or Reference", title: "CWE-706", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2024-34447", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34447.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-271904", "CSAFPID-40303", "CSAFPID-220164", "CSAFPID-94309", "CSAFPID-912053", "CSAFPID-45194", "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2024-34447", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-204581", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-204581", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-37370", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-199820", ], }, references: [ { category: "self", summary: "CVE-2024-37370", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-199820", ], }, ], title: "CVE-2024-37370", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-199820", ], }, references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-199820", ], }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-38473", cwe: { id: "CWE-172", name: "Encoding Error", }, notes: [ { category: "other", text: "Encoding Error", title: "CWE-172", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-38473", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38473.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-38473", }, { cve: "CVE-2024-38475", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "other", text: "Path Traversal: '.../...//'", title: "CWE-35", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "other", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "other", text: "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", title: "CWE-338", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-38475", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38475.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-38475", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Relative Path Traversal", title: "CWE-23", }, ], product_status: { known_affected: [ "CSAFPID-94309", "CSAFPID-220164", ], }, references: [ { category: "self", summary: "CVE-2024-38816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-94309", "CSAFPID-220164", ], }, ], title: "CVE-2024-38816", }, { cve: "CVE-2024-38819", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-94309", "CSAFPID-220164", ], }, references: [ { category: "self", summary: "CVE-2024-38819", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-94309", "CSAFPID-220164", ], }, ], title: "CVE-2024-38819", }, { cve: "CVE-2024-38998", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-228157", "CSAFPID-9642", "CSAFPID-226018", "CSAFPID-45194", ], }, references: [ { category: "self", summary: "CVE-2024-38998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-228157", "CSAFPID-9642", "CSAFPID-226018", "CSAFPID-45194", ], }, ], title: "CVE-2024-38998", }, { cve: "CVE-2024-38999", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-9642", "CSAFPID-228157", "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-271904", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-226018", "CSAFPID-45194", ], }, references: [ { category: "self", summary: "CVE-2024-38999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-9642", "CSAFPID-228157", "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-271904", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-226018", "CSAFPID-45194", ], }, ], title: "CVE-2024-38999", }, { cve: "CVE-2024-40898", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-40898", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2024-40898", }, { cve: "CVE-2024-45490", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], product_status: { known_affected: [ "CSAFPID-912053", "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-45490", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-912053", "CSAFPID-40303", ], }, ], title: "CVE-2024-45490", }, { cve: "CVE-2024-45491", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-912053", "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-45491", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-912053", "CSAFPID-40303", ], }, ], title: "CVE-2024-45491", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-912053", "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-271904", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-912053", "CSAFPID-332789", "CSAFPID-342815", "CSAFPID-271904", "CSAFPID-1674670", "CSAFPID-503474", "CSAFPID-40303", ], }, ], title: "CVE-2024-45492", }, { cve: "CVE-2024-47072", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-228157", ], }, references: [ { category: "self", summary: "CVE-2024-47072", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47072.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-228157", ], }, ], title: "CVE-2024-47072", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1751293", "CSAFPID-45194", "CSAFPID-1973", "CSAFPID-3660", ], }, references: [ { category: "self", summary: "CVE-2024-47554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751293", "CSAFPID-45194", "CSAFPID-1973", "CSAFPID-3660", ], }, ], title: "CVE-2024-47554", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-9642", ], }, references: [ { category: "self", summary: "CVE-2024-47561", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-9642", ], }, ], title: "CVE-2024-47561", }, { cve: "CVE-2025-21498", product_status: { known_affected: [ "CSAFPID-40303", ], }, references: [ { category: "self", summary: "CVE-2025-21498", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21498.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-40303", ], }, ], title: "CVE-2025-21498", }, { cve: "CVE-2025-21535", product_status: { known_affected: [ "CSAFPID-3660", "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2025-21535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-3660", "CSAFPID-1973", ], }, ], title: "CVE-2025-21535", }, { cve: "CVE-2025-21549", product_status: { known_affected: [ "CSAFPID-1973", ], }, references: [ { category: "self", summary: "CVE-2025-21549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1973", ], }, ], title: "CVE-2025-21549", }, ], }
ncsc-2025-0021
Vulnerability from csaf_ncscnl
Published
2025-01-22 13:30
Modified
2025-01-22 13:30
Summary
Kwetsbaarheden verholpen in Oracle Communications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communicatieproducten, waaronder Oracle Communications Unified Assurance, Oracle Communications Cloud Native Core Network Function en Oracle Communications Order and Service Management.
Interpretaties
De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om Denial of Service (DoS) aanvallen uit te voeren of om ongeautoriseerde toegang tot gevoelige gegevens te verkrijgen. Specifieke versies, zoals 24.2.0 en 24.3.0 van de Cloud Native Core Network Function, zijn bijzonder kwetsbaar. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door speciaal geprepareerde HTTP-verzoeken te sturen naar het kwetsbare systeem.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-1395
Dependency on Vulnerable Third-Party Component
CWE-670
Always-Incorrect Control Flow Implementation
CWE-405
Asymmetric Resource Consumption (Amplification)
CWE-35
Path Traversal: '.../...//'
CWE-466
Return of Pointer Value Outside of Expected Range
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CWE-676
Use of Potentially Dangerous Function
CWE-606
Unchecked Input for Loop Condition
CWE-450
Multiple Interpretations of UI Input
CWE-131
Incorrect Calculation of Buffer Size
CWE-328
Use of Weak Hash
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-669
Incorrect Resource Transfer Between Spheres
CWE-1220
Insufficient Granularity of Access Control
CWE-201
Insertion of Sensitive Information Into Sent Data
CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-755
Improper Handling of Exceptional Conditions
CWE-347
Improper Verification of Cryptographic Signature
CWE-834
Excessive Iteration
CWE-178
Improper Handling of Case Sensitivity
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-440
Expected Behavior Violation
CWE-415
Double Free
CWE-311
Missing Encryption of Sensitive Data
CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-703
Improper Check or Handling of Exceptional Conditions
CWE-617
Reachable Assertion
CWE-427
Uncontrolled Search Path Element
CWE-836
Use of Password Hash Instead of Password for Authentication
CWE-680
Integer Overflow to Buffer Overflow
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-23
Relative Path Traversal
CWE-116
Improper Encoding or Escaping of Output
CWE-345
Insufficient Verification of Data Authenticity
CWE-203
Observable Discrepancy
CWE-354
Improper Validation of Integrity Check Value
CWE-325
Missing Cryptographic Step
CWE-190
Integer Overflow or Wraparound
CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE-61
UNIX Symbolic Link (Symlink) Following
CWE-552
Files or Directories Accessible to External Parties
CWE-639
Authorization Bypass Through User-Controlled Key
CWE-798
Use of Hard-coded Credentials
CWE-434
Unrestricted Upload of File with Dangerous Type
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-404
Improper Resource Shutdown or Release
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333
Inefficient Regular Expression Complexity
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-248
Uncaught Exception
CWE-674
Uncontrolled Recursion
CWE-863
Incorrect Authorization
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-611
Improper Restriction of XML External Entity Reference
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-269
Improper Privilege Management
CWE-20
Improper Input Validation
CWE-209
Generation of Error Message Containing Sensitive Information
CWE-276
Incorrect Default Permissions
CWE-294
Authentication Bypass by Capture-replay
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communicatieproducten, waaronder Oracle Communications Unified Assurance, Oracle Communications Cloud Native Core Network Function en Oracle Communications Order and Service Management.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om Denial of Service (DoS) aanvallen uit te voeren of om ongeautoriseerde toegang tot gevoelige gegevens te verkrijgen. Specifieke versies, zoals 24.2.0 en 24.3.0 van de Cloud Native Core Network Function, zijn bijzonder kwetsbaar. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door speciaal geprepareerde HTTP-verzoeken te sturen naar het kwetsbare systeem.", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, { category: "general", text: "Always-Incorrect Control Flow Implementation", title: "CWE-670", }, { category: "general", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, { category: "general", text: "Path Traversal: '.../...//'", title: "CWE-35", }, { category: "general", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "general", text: "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", title: "CWE-338", }, { category: "general", text: "Use of Potentially Dangerous Function", title: "CWE-676", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "general", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "general", text: "Use of Weak Hash", title: "CWE-328", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, { category: "general", text: "Insufficient Granularity of Access Control", title: "CWE-1220", }, { category: "general", text: "Insertion of Sensitive Information Into Sent Data", title: "CWE-201", }, { category: "general", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, { category: "general", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, { category: "general", text: "Expected Behavior Violation", title: "CWE-440", }, { category: "general", text: "Double Free", title: "CWE-415", }, { category: "general", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, { category: "general", text: "Improper Enforcement of Message Integrity During Transmission in a Communication Channel", title: "CWE-924", }, { category: "general", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "general", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, { category: "general", text: "Reachable Assertion", title: "CWE-617", }, { category: "general", text: "Uncontrolled Search Path Element", title: "CWE-427", }, { category: "general", text: "Use of Password Hash Instead of Password for Authentication", title: "CWE-836", }, { category: "general", text: "Integer Overflow to Buffer Overflow", title: "CWE-680", }, { category: "general", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, { category: "general", text: "Relative Path Traversal", title: "CWE-23", }, { category: "general", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Observable Discrepancy", title: "CWE-203", }, { category: "general", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, { category: "general", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "User Interface (UI) Misrepresentation of Critical Information", title: "CWE-451", }, { category: "general", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, { category: "general", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, { category: "general", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "general", text: "Unrestricted Upload of File with Dangerous Type", title: "CWE-434", }, { category: "general", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "general", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Uncaught Exception", title: "CWE-248", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Incorrect Authorization", title: "CWE-863", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Generation of Error Message Containing Sensitive Information", title: "CWE-209", }, { category: "general", text: "Incorrect Default Permissions", title: "CWE-276", }, { category: "general", text: "Authentication Bypass by Capture-replay", title: "CWE-294", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujan2025.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Communications", tracking: { current_release_date: "2025-01-22T13:30:50.189632Z", id: "NCSC-2025-0021", initial_release_date: "2025-01-22T13:30:50.189632Z", revision_history: [ { date: "2025-01-22T13:30:50.189632Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1727475", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635313", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635311", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635312", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670430", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635320", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:17.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670439", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670429", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670435", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670431", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670436", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670432", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635321", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635310", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635318", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674640", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674642", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670434", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674639", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635314", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674638", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674637", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635319", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670438", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635315", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670433", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674641", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670437", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635308", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications__10.4.0.4", product: { name: "communications__10.4.0.4", product_id: "CSAFPID-1674629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications__10.4.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.2", product: { name: "communications___23.4.2", product_id: "CSAFPID-1670442", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.3", product: { name: "communications___23.4.3", product_id: "CSAFPID-1635325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.4", product: { name: "communications___23.4.4", product_id: "CSAFPID-1635326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.5", product: { name: "communications___23.4.5", product_id: "CSAFPID-1674645", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.6", product: { name: "communications___23.4.6", product_id: "CSAFPID-1674646", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___24.2.0", product: { name: "communications___24.2.0", product_id: "CSAFPID-1674644", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___24.2.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___7.2.1.0.0", product: { name: "communications___7.2.1.0.0", product_id: "CSAFPID-1670441", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___7.2.1.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.6", product: { name: "communications___8.6.0.6", product_id: "CSAFPID-1635327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.8", product: { name: "communications___8.6.0.8", product_id: "CSAFPID-1635328", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.8:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.2", product: { name: "communications___9.0.2", product_id: "CSAFPID-1670440", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.3", product: { name: "communications___9.0.3", product_id: "CSAFPID-1635329", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.1.1.8.0", product: { name: "communications___9.1.1.8.0", product_id: "CSAFPID-1674643", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.1.1.8.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751386", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674621", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751381", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751383", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:15.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751378", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:3.0.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751377", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:3.0.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751385", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:3.0.3.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674618", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674619", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751384", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674617", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674623", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751382", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.0.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751380", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.1.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1751379", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.1.0.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674620", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___12.0.6.0.0", product: { name: "communications_applications___12.0.6.0.0", product_id: "CSAFPID-1674627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___12.0.6.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___5.5.22", product: { name: "communications_applications___5.5.22", product_id: "CSAFPID-1674626", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___5.5.22:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.3", product: { name: "communications_applications___6.0.3", product_id: "CSAFPID-1674628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.4", product: { name: "communications_applications___6.0.4", product_id: "CSAFPID-1674624", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.5", product: { name: "communications_applications___6.0.5", product_id: "CSAFPID-1674625", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-816792", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-764735", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-1751255", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-1751254", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0-15.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-816793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-912557", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-764247", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-1650820", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-912556", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-1751303", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220055", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816766", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1503577", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1751300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-764237", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1650752", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1673396", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1751085", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1751079", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673526", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1751253", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816768", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816769", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-912085", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1503578", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673389", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673390", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1751090", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673421", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673420", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1751246", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816770", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816771", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-912068", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-1503579", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-816772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-912076", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-1503580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-219838", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-611387", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-816773", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912101", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1503581", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1751208", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1751209", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912539", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912540", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912541", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912542", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912543", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816346", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912077", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1503322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673415", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1751231", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912544", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816348", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-912545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816347", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-1673494", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-764240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1650751", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673395", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-912069", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1751225", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0-24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1751088", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1751089", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-94291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-816778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-614517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673392", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1503582", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1751081", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1751084", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-224795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912549", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503583", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503584", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503585", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1672767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1751241", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-90016", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912078", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816349", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1751238", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1751240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1673399", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1751239", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1751080", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1751082", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-1751229", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-1751230", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503599", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-1751292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-1751294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-224793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-1751295", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-816794", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-342793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1650777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1265", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-816350", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1261", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-1672764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1503588", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1751104", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-40293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1751242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1751237", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0-9.0.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1751097", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-611413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1751211", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912551", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912552", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1751243", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:47.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-764242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-819413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-819414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.2.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-816780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-912553", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-219803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-204622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-219909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-816351", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-1751218", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_metasolv_solution", product: { name: "communications_metasolv_solution", product_id: "CSAFPID-611595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816353", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816352", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1673414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816783", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816786", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816785", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816788", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-342803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1650778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1266", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-816354", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-204563", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-219776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-765242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-916906", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-1751247", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-1751248", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:15.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-93781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-220132", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-912079", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-224790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-221118", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-1673496", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence", product: { name: "communications_performance_intelligence", product_id: "CSAFPID-1503591", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816789", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-764738", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-816355", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503601", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816359", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816358", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816357", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-912558", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1751233", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503602", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1751234", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.1.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816797", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503592", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503593", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1672762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503594", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-342804", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-819415", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-819416", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.2.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-816791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-240600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673382", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1650731", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673530", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1751235", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.1-6.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1751296", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.4-6.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-764739", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-8984", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204510", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204569", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-219826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-912073", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503596", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503597", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503598", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1751217", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-912080", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1673481", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1751258", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-912554", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2022-41727", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2022-41727", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41727.json", }, ], title: "CVE-2022-41727", }, { cve: "CVE-2023-4408", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-4408", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4408.json", }, ], title: "CVE-2023-4408", }, { cve: "CVE-2023-5678", cwe: { id: "CWE-754", name: "Improper Check for Unusual or Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "other", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2023-5678", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json", }, ], title: "CVE-2023-5678", }, { cve: "CVE-2023-5981", cwe: { id: "CWE-203", name: "Observable Discrepancy", }, notes: [ { category: "other", text: "Observable Discrepancy", title: "CWE-203", }, ], product_status: { known_affected: [ "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1751217", "CSAFPID-1673481", ], }, references: [ { category: "self", summary: "CVE-2023-5981", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5981.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1751217", "CSAFPID-1673481", ], }, ], title: "CVE-2023-5981", }, { cve: "CVE-2023-6597", cwe: { id: "CWE-61", name: "UNIX Symbolic Link (Symlink) Following", }, notes: [ { category: "other", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1751097", ], }, references: [ { category: "self", summary: "CVE-2023-6597", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6597.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1751097", ], }, ], title: "CVE-2023-6597", }, { cve: "CVE-2023-7256", cwe: { id: "CWE-415", name: "Double Free", }, notes: [ { category: "other", text: "Double Free", title: "CWE-415", }, ], product_status: { known_affected: [ "CSAFPID-220132", "CSAFPID-1751084", "CSAFPID-912079", ], }, references: [ { category: "self", summary: "CVE-2023-7256", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7256.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220132", "CSAFPID-1751084", "CSAFPID-912079", ], }, ], title: "CVE-2023-7256", }, { cve: "CVE-2023-29407", cwe: { id: "CWE-834", name: "Excessive Iteration", }, notes: [ { category: "other", text: "Excessive Iteration", title: "CWE-834", }, ], product_status: { known_affected: [ "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2023-29407", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29407.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", ], }, ], title: "CVE-2023-29407", }, { cve: "CVE-2023-29408", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2023-29408", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29408.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2023-29408", }, { cve: "CVE-2023-40577", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1751208", "CSAFPID-1751209", ], }, references: [ { category: "self", summary: "CVE-2023-40577", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-40577.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1751208", "CSAFPID-1751209", ], }, ], title: "CVE-2023-40577", }, { cve: "CVE-2023-46218", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, notes: [ { category: "other", text: "Insertion of Sensitive Information Into Sent Data", title: "CWE-201", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1751211", ], }, references: [ { category: "self", summary: "CVE-2023-46218", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46218.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1751211", ], }, ], title: "CVE-2023-46218", }, { cve: "CVE-2023-46219", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "other", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, ], product_status: { known_affected: [ "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1751211", ], }, references: [ { category: "self", summary: "CVE-2023-46219", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46219.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1751211", ], }, ], title: "CVE-2023-46219", }, { cve: "CVE-2023-46604", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-219826", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1751104", ], }, references: [ { category: "self", summary: "CVE-2023-46604", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46604.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-219826", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1751104", ], }, ], title: "CVE-2023-46604", }, { cve: "CVE-2023-50868", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-50868", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50868.json", }, ], title: "CVE-2023-50868", }, { cve: "CVE-2024-0232", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1650777", "CSAFPID-1650778", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1751218", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-0232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0232.json", }, ], title: "CVE-2024-0232", }, { cve: "CVE-2024-0397", product_status: { known_affected: [ "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2024-0397", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0397.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", ], }, ], title: "CVE-2024-0397", }, { cve: "CVE-2024-0450", cwe: { id: "CWE-450", name: "Multiple Interpretations of UI Input", }, notes: [ { category: "other", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "other", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751097", ], }, references: [ { category: "self", summary: "CVE-2024-0450", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json", }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751097", ], }, ], title: "CVE-2024-0450", }, { cve: "CVE-2024-1442", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, notes: [ { category: "other", text: "Improper Privilege Management", title: "CWE-269", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-1442", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1442.json", }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-1442", }, { cve: "CVE-2024-2961", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1672762", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1673396", "CSAFPID-1673395", "CSAFPID-1673494", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751097", "CSAFPID-1751237", ], }, references: [ { category: "self", summary: "CVE-2024-2961", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1672762", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1673396", "CSAFPID-1673395", "CSAFPID-1673494", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751097", "CSAFPID-1751237", ], }, ], title: "CVE-2024-2961", }, { cve: "CVE-2024-3596", cwe: { id: "CWE-924", name: "Improper Enforcement of Message Integrity During Transmission in a Communication Channel", }, notes: [ { category: "other", text: "Improper Enforcement of Message Integrity During Transmission in a Communication Channel", title: "CWE-924", }, { category: "other", text: "Use of Weak Hash", title: "CWE-328", }, { category: "other", text: "Authentication Bypass by Capture-replay", title: "CWE-294", }, { category: "other", text: "Use of Password Hash Instead of Password for Authentication", title: "CWE-836", }, { category: "other", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "other", text: "User Interface (UI) Misrepresentation of Critical Information", title: "CWE-451", }, { category: "other", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, ], product_status: { known_affected: [ "CSAFPID-1751090", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-1751253", ], }, references: [ { category: "self", summary: "CVE-2024-3596", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-3596.json", }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751090", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-1751253", ], }, ], title: "CVE-2024-3596", }, { cve: "CVE-2024-4030", cwe: { id: "CWE-276", name: "Incorrect Default Permissions", }, notes: [ { category: "other", text: "Incorrect Default Permissions", title: "CWE-276", }, ], product_status: { known_affected: [ "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2024-4030", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4030.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", ], }, ], title: "CVE-2024-4030", }, { cve: "CVE-2024-4032", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, notes: [ { category: "other", text: "Expected Behavior Violation", title: "CWE-440", }, ], product_status: { known_affected: [ "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2024-4032", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4032.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673530", ], }, ], title: "CVE-2024-4032", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, ], product_status: { known_affected: [ "CSAFPID-1751090", "CSAFPID-1751253", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751090", "CSAFPID-1751253", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-6119", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "other", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, ], product_status: { known_affected: [ "CSAFPID-1751209", ], }, references: [ { category: "self", summary: "CVE-2024-6119", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6119.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751209", ], }, ], title: "CVE-2024-6119", }, { cve: "CVE-2024-6162", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751303", "CSAFPID-1650820", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-6162", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751303", "CSAFPID-1650820", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-6162", }, { cve: "CVE-2024-6232", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, ], product_status: { known_affected: [ "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2024-6232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", ], }, ], title: "CVE-2024-6232", }, { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751233", "CSAFPID-1673530", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-7254", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751233", "CSAFPID-1673530", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-7254", }, { cve: "CVE-2024-7592", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-7592", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-7592", }, { cve: "CVE-2024-7885", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, ], product_status: { known_affected: [ "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1751080", "CSAFPID-1751090", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, references: [ { category: "self", summary: "CVE-2024-7885", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7885.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1751080", "CSAFPID-1751090", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, ], title: "CVE-2024-7885", }, { cve: "CVE-2024-8006", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-220132", "CSAFPID-1751084", "CSAFPID-912079", ], }, references: [ { category: "self", summary: "CVE-2024-8006", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8006.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220132", "CSAFPID-1751084", "CSAFPID-912079", ], }, ], title: "CVE-2024-8006", }, { cve: "CVE-2024-9143", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1751253", ], }, references: [ { category: "self", summary: "CVE-2024-9143", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json", }, ], title: "CVE-2024-9143", }, { cve: "CVE-2024-22195", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-22195", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22195.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751085", ], }, ], title: "CVE-2024-22195", }, { cve: "CVE-2024-24786", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-24786", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24786.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-24786", }, { cve: "CVE-2024-24791", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1751208", "CSAFPID-1751209", ], }, references: [ { category: "self", summary: "CVE-2024-24791", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24791.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751208", "CSAFPID-1751209", ], }, ], title: "CVE-2024-24791", }, { cve: "CVE-2024-25638", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "other", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751229", "CSAFPID-1751230", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, references: [ { category: "self", summary: "CVE-2024-25638", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25638.json", }, ], scores: [ { cvss_v3: { baseScore: 8.9, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751229", "CSAFPID-1751230", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, ], title: "CVE-2024-25638", }, { cve: "CVE-2024-25710", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912101", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1727475", "CSAFPID-1751218", ], }, references: [ { category: "self", summary: "CVE-2024-25710", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912101", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1727475", "CSAFPID-1751218", ], }, ], title: "CVE-2024-25710", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1727475", "CSAFPID-1751218", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-1727475", "CSAFPID-1751218", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-27309", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Incorrect Authorization", title: "CWE-863", }, ], product_status: { known_affected: [ "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-27309", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27309.json", }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-27309", }, { cve: "CVE-2024-28219", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "other", text: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", title: "CWE-120", }, { category: "other", text: "Use of Potentially Dangerous Function", title: "CWE-676", }, { category: "other", text: "Integer Overflow to Buffer Overflow", title: "CWE-680", }, ], product_status: { known_affected: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1751085", "CSAFPID-912547", ], }, references: [ { category: "self", summary: "CVE-2024-28219", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28219.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1751085", "CSAFPID-912547", ], }, ], title: "CVE-2024-28219", }, { cve: "CVE-2024-28834", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, ], product_status: { known_affected: [ "CSAFPID-1673481", "CSAFPID-1751217", "CSAFPID-1503590", ], }, references: [ { category: "self", summary: "CVE-2024-28834", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28834.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673481", "CSAFPID-1751217", "CSAFPID-1503590", ], }, ], title: "CVE-2024-28834", }, { cve: "CVE-2024-28835", cwe: { id: "CWE-248", name: "Uncaught Exception", }, notes: [ { category: "other", text: "Uncaught Exception", title: "CWE-248", }, ], product_status: { known_affected: [ "CSAFPID-1673481", "CSAFPID-1751217", "CSAFPID-1503590", ], }, references: [ { category: "self", summary: "CVE-2024-28835", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28835.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673481", "CSAFPID-1751217", "CSAFPID-1503590", ], }, ], title: "CVE-2024-28835", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751235", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-28849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751235", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-28849", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751233", "CSAFPID-1751218", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751233", "CSAFPID-1751218", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29131", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", ], }, references: [ { category: "self", summary: "CVE-2024-29131", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", ], }, ], title: "CVE-2024-29131", }, { cve: "CVE-2024-29133", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-29133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673530", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-29133", }, { cve: "CVE-2024-33599", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, references: [ { category: "self", summary: "CVE-2024-33599", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33599.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, ], title: "CVE-2024-33599", }, { cve: "CVE-2024-33600", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, references: [ { category: "self", summary: "CVE-2024-33600", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33600.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, ], title: "CVE-2024-33600", }, { cve: "CVE-2024-33601", cwe: { id: "CWE-703", name: "Improper Check or Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, { category: "other", text: "Reachable Assertion", title: "CWE-617", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, references: [ { category: "self", summary: "CVE-2024-33601", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33601.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1751237", ], }, ], title: "CVE-2024-33601", }, { cve: "CVE-2024-33602", cwe: { id: "CWE-466", name: "Return of Pointer Value Outside of Expected Range", }, notes: [ { category: "other", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "other", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751237", ], }, references: [ { category: "self", summary: "CVE-2024-33602", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751237", ], }, ], title: "CVE-2024-33602", }, { cve: "CVE-2024-34064", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751238", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751239", "CSAFPID-1751082", "CSAFPID-1751240", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-1673481", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-34064", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json", }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1727475", "CSAFPID-1751238", "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751239", "CSAFPID-1751082", "CSAFPID-1751240", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-1673481", "CSAFPID-1751085", ], }, ], title: "CVE-2024-34064", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751242", "CSAFPID-1751243", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751242", "CSAFPID-1751243", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751085", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-35195", cwe: { id: "CWE-670", name: "Always-Incorrect Control Flow Implementation", }, notes: [ { category: "other", text: "Always-Incorrect Control Flow Implementation", title: "CWE-670", }, ], product_status: { known_affected: [ "CSAFPID-1751246", "CSAFPID-1751247", "CSAFPID-1751248", "CSAFPID-1673530", "CSAFPID-1673393", "CSAFPID-1751239", "CSAFPID-220132", "CSAFPID-1751082", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-912079", "CSAFPID-916906", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-35195", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35195.json", }, ], scores: [ { cvss_v3: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1751246", "CSAFPID-1751247", "CSAFPID-1751248", "CSAFPID-1673530", "CSAFPID-1673393", "CSAFPID-1751239", "CSAFPID-220132", "CSAFPID-1751082", "CSAFPID-1672767", "CSAFPID-1751241", "CSAFPID-912079", "CSAFPID-916906", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-35195", }, { cve: "CVE-2024-37370", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1751237", "CSAFPID-1751254", "CSAFPID-1751217", "CSAFPID-1673481", "CSAFPID-1751255", ], }, references: [ { category: "self", summary: "CVE-2024-37370", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37370.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1751237", "CSAFPID-1751254", "CSAFPID-1751217", "CSAFPID-1673481", "CSAFPID-1751255", ], }, ], title: "CVE-2024-37370", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751237", "CSAFPID-1751254", "CSAFPID-1751217", "CSAFPID-1673481", "CSAFPID-1751255", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751237", "CSAFPID-1751254", "CSAFPID-1751217", "CSAFPID-1673481", "CSAFPID-1751255", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-37891", cwe: { id: "CWE-669", name: "Incorrect Resource Transfer Between Spheres", }, notes: [ { category: "other", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751254", "CSAFPID-1673530", "CSAFPID-1751217", "CSAFPID-1751255", "CSAFPID-816790", "CSAFPID-1751258", "CSAFPID-1673481", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-37891", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751225", "CSAFPID-1751254", "CSAFPID-1673530", "CSAFPID-1751217", "CSAFPID-1751255", "CSAFPID-816790", "CSAFPID-1751258", "CSAFPID-1673481", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-37891", }, { cve: "CVE-2024-38475", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "other", text: "Path Traversal: '.../...//'", title: "CWE-35", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "other", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "other", text: "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", title: "CWE-338", }, ], references: [ { category: "self", summary: "CVE-2024-38475", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38475.json", }, ], title: "CVE-2024-38475", }, { cve: "CVE-2024-38807", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, notes: [ { category: "other", text: "Improper Verification of Cryptographic Signature", title: "CWE-347", }, ], product_status: { known_affected: [ "CSAFPID-1751090", "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-38807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38807.json", }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1751090", "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-38807", }, { cve: "CVE-2024-38809", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673393", ], }, references: [ { category: "self", summary: "CVE-2024-38809", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38809.json", }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-1673393", ], }, ], title: "CVE-2024-38809", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Relative Path Traversal", title: "CWE-23", }, ], product_status: { known_affected: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751079", "CSAFPID-1751080", "CSAFPID-1751084", "CSAFPID-1751085", "CSAFPID-1751082", "CSAFPID-1751225", ], }, references: [ { category: "self", summary: "CVE-2024-38816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1751081", "CSAFPID-1673393", "CSAFPID-1751079", "CSAFPID-1751080", "CSAFPID-1751084", "CSAFPID-1751085", "CSAFPID-1751082", "CSAFPID-1751225", ], }, ], title: "CVE-2024-38816", }, { cve: "CVE-2024-38819", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1673393", "CSAFPID-1751079", "CSAFPID-1751080", "CSAFPID-1751081", "CSAFPID-1751082", "CSAFPID-1751084", "CSAFPID-1751085", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751241", ], }, references: [ { category: "self", summary: "CVE-2024-38819", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673393", "CSAFPID-1751079", "CSAFPID-1751080", "CSAFPID-1751081", "CSAFPID-1751082", "CSAFPID-1751084", "CSAFPID-1751085", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751241", ], }, ], title: "CVE-2024-38819", }, { cve: "CVE-2024-38820", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, ], product_status: { known_affected: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751080", "CSAFPID-1751082", "CSAFPID-1751085", "CSAFPID-1672767", "CSAFPID-1751241", ], }, references: [ { category: "self", summary: "CVE-2024-38820", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751080", "CSAFPID-1751082", "CSAFPID-1751085", "CSAFPID-1672767", "CSAFPID-1751241", ], }, ], title: "CVE-2024-38820", }, { cve: "CVE-2024-38827", cwe: { id: "CWE-639", name: "Authorization Bypass Through User-Controlled Key", }, notes: [ { category: "other", text: "Authorization Bypass Through User-Controlled Key", title: "CWE-639", }, ], product_status: { known_affected: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-38827", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38827.json", }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-38827", }, { cve: "CVE-2024-38998", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1751225", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-912073", "CSAFPID-1751254", "CSAFPID-1751079", "CSAFPID-1751242", "CSAFPID-1751234", "CSAFPID-1673496", "CSAFPID-1751233", "CSAFPID-1751255", "CSAFPID-1673481", "CSAFPID-1751085", "CSAFPID-220132", "CSAFPID-912079", ], }, references: [ { category: "self", summary: "CVE-2024-38998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751225", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-912073", "CSAFPID-1751254", "CSAFPID-1751079", "CSAFPID-1751242", "CSAFPID-1751234", "CSAFPID-1673496", "CSAFPID-1751233", "CSAFPID-1751255", "CSAFPID-1673481", "CSAFPID-1751085", "CSAFPID-220132", "CSAFPID-912079", ], }, ], title: "CVE-2024-38998", }, { cve: "CVE-2024-38999", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1751225", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-912073", "CSAFPID-1751254", "CSAFPID-1751079", "CSAFPID-1751242", "CSAFPID-1751234", "CSAFPID-1673496", "CSAFPID-1751233", "CSAFPID-1751255", "CSAFPID-1673481", "CSAFPID-1751085", "CSAFPID-220132", "CSAFPID-912079", ], }, references: [ { category: "self", summary: "CVE-2024-38999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751225", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-912073", "CSAFPID-1751254", "CSAFPID-1751079", "CSAFPID-1751242", "CSAFPID-1751234", "CSAFPID-1673496", "CSAFPID-1751233", "CSAFPID-1751255", "CSAFPID-1673481", "CSAFPID-1751085", "CSAFPID-220132", "CSAFPID-912079", ], }, ], title: "CVE-2024-38999", }, { cve: "CVE-2024-41817", cwe: { id: "CWE-427", name: "Uncontrolled Search Path Element", }, notes: [ { category: "other", text: "Uncontrolled Search Path Element", title: "CWE-427", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220132", "CSAFPID-912079", ], }, references: [ { category: "self", summary: "CVE-2024-41817", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41817.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220132", "CSAFPID-912079", ], }, ], title: "CVE-2024-41817", }, { cve: "CVE-2024-45490", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1673414", "CSAFPID-1503590", ], }, references: [ { category: "self", summary: "CVE-2024-45490", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1673414", "CSAFPID-1503590", ], }, ], title: "CVE-2024-45490", }, { cve: "CVE-2024-45491", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1673414", "CSAFPID-1503590", ], }, references: [ { category: "self", summary: "CVE-2024-45491", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1673414", "CSAFPID-1503590", ], }, ], title: "CVE-2024-45491", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1673414", "CSAFPID-1503590", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1673414", "CSAFPID-1503590", ], }, ], title: "CVE-2024-45492", }, { cve: "CVE-2024-47535", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-47535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47535.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751233", "CSAFPID-1751234", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-47535", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1751292", "CSAFPID-1751234", "CSAFPID-1751294", "CSAFPID-1751233", "CSAFPID-1751295", "CSAFPID-1751296", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-47554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751292", "CSAFPID-1751234", "CSAFPID-1751294", "CSAFPID-1751233", "CSAFPID-1751295", "CSAFPID-1751296", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-47554", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-1751296", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2024-47561", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751296", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2024-47561", }, { cve: "CVE-2024-47803", cwe: { id: "CWE-209", name: "Generation of Error Message Containing Sensitive Information", }, notes: [ { category: "other", text: "Generation of Error Message Containing Sensitive Information", title: "CWE-209", }, ], product_status: { known_affected: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751300", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-47803", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47803.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1672767", "CSAFPID-1751300", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", ], }, ], title: "CVE-2024-47803", }, { cve: "CVE-2024-47804", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, notes: [ { category: "other", text: "Incorrect Authorization", title: "CWE-863", }, { category: "other", text: "Insufficient Granularity of Access Control", title: "CWE-1220", }, { category: "other", text: "Access of Resource Using Incompatible Type ('Type Confusion')", title: "CWE-843", }, ], product_status: { known_affected: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1672767", "CSAFPID-1751300", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-47804", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47804.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1672767", "CSAFPID-1751300", "CSAFPID-1751241", "CSAFPID-1751081", "CSAFPID-1751084", "CSAFPID-1673393", "CSAFPID-1751085", ], }, ], title: "CVE-2024-47804", }, { cve: "CVE-2024-49766", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1751208", "CSAFPID-1751246", "CSAFPID-1751209", ], }, references: [ { category: "self", summary: "CVE-2024-49766", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49766.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751208", "CSAFPID-1751246", "CSAFPID-1751209", ], }, ], title: "CVE-2024-49766", }, { cve: "CVE-2024-49767", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1751208", "CSAFPID-1751080", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751082", "CSAFPID-1751300", "CSAFPID-1751246", "CSAFPID-1751209", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, references: [ { category: "self", summary: "CVE-2024-49767", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-49767.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751208", "CSAFPID-1751080", "CSAFPID-1751079", "CSAFPID-1751225", "CSAFPID-1751082", "CSAFPID-1751300", "CSAFPID-1751246", "CSAFPID-1751209", "CSAFPID-1673393", "CSAFPID-1751085", "CSAFPID-1751231", ], }, ], title: "CVE-2024-49767", }, { cve: "CVE-2024-50379", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, ], product_status: { known_affected: [ "CSAFPID-816790", ], }, references: [ { category: "self", summary: "CVE-2024-50379", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50379.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816790", ], }, ], title: "CVE-2024-50379", }, { cve: "CVE-2024-50602", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, ], product_status: { known_affected: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751082", "CSAFPID-1751085", ], }, references: [ { category: "self", summary: "CVE-2024-50602", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50602.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1751225", "CSAFPID-1751079", "CSAFPID-1751082", "CSAFPID-1751085", ], }, ], title: "CVE-2024-50602", }, { cve: "CVE-2024-53677", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Unrestricted Upload of File with Dangerous Type", title: "CWE-434", }, { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, ], product_status: { known_affected: [ "CSAFPID-816790", ], }, references: [ { category: "self", summary: "CVE-2024-53677", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-53677.json", }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816790", ], }, ], title: "CVE-2024-53677", }, { cve: "CVE-2024-54677", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816790", ], }, references: [ { category: "self", summary: "CVE-2024-54677", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54677.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816790", ], }, ], title: "CVE-2024-54677", }, { cve: "CVE-2024-56337", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, ], product_status: { known_affected: [ "CSAFPID-816790", ], }, references: [ { category: "self", summary: "CVE-2024-56337", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816790", ], }, ], title: "CVE-2024-56337", }, { cve: "CVE-2025-21542", product_status: { known_affected: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2025-21542", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21542.json", }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2025-21542", }, { cve: "CVE-2025-21544", product_status: { known_affected: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2025-21544", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21544.json", }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2025-21544", }, { cve: "CVE-2025-21554", product_status: { known_affected: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, references: [ { category: "self", summary: "CVE-2025-21554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21554.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1751377", "CSAFPID-1751378", "CSAFPID-1751379", "CSAFPID-1751380", "CSAFPID-1751381", "CSAFPID-1751382", "CSAFPID-1751383", "CSAFPID-1674619", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1751384", "CSAFPID-1751385", "CSAFPID-1751386", ], }, ], title: "CVE-2025-21554", }, ], }
ncsc-2025-0020
Vulnerability from csaf_ncscnl
Published
2025-01-22 13:30
Modified
2025-01-22 13:30
Summary
Kwetsbaarheden verholpen in Oracle Database producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in diverse database producten en subsystemen, zoals de Core Database, Graal, Application Express, GoldenGate en REST data.
Interpretaties
De kwetsbaarheden bevinden zich in verschillende componenten van de Oracle Database, waaronder de Data Mining component en de Java VM. Deze kwetsbaarheden stellen laaggeprivilegieerde geauthenticeerde gebruikers in staat om het systeem te compromitteren, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie. De Java VM-kwetsbaarheid kan ook leiden tot ongeautoriseerde wijzigingen van gegevens.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-391
Unchecked Error Condition
CWE-115
Misinterpretation of Input
CWE-466
Return of Pointer Value Outside of Expected Range
CWE-222
Truncation of Security-relevant Information
CWE-131
Incorrect Calculation of Buffer Size
CWE-1287
Improper Validation of Specified Type of Input
CWE-922
Insecure Storage of Sensitive Information
CWE-191
Integer Underflow (Wrap or Wraparound)
CWE-1220
Insufficient Granularity of Access Control
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-178
Improper Handling of Case Sensitivity
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-440
Expected Behavior Violation
CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE-703
Improper Check or Handling of Exceptional Conditions
CWE-617
Reachable Assertion
CWE-427
Uncontrolled Search Path Element
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE-354
Improper Validation of Integrity Check Value
CWE-190
Integer Overflow or Wraparound
CWE-404
Improper Resource Shutdown or Release
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333
Inefficient Regular Expression Complexity
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-476
NULL Pointer Dereference
CWE-757
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-674
Uncontrolled Recursion
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-611
Improper Restriction of XML External Entity Reference
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20
Improper Input Validation
CWE-276
Incorrect Default Permissions
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in diverse database producten en subsystemen, zoals de Core Database, Graal, Application Express, GoldenGate en REST data.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden bevinden zich in verschillende componenten van de Oracle Database, waaronder de Data Mining component en de Java VM. Deze kwetsbaarheden stellen laaggeprivilegieerde geauthenticeerde gebruikers in staat om het systeem te compromitteren, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie. De Java VM-kwetsbaarheid kan ook leiden tot ongeautoriseerde wijzigingen van gegevens.", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Unchecked Error Condition", title: "CWE-391", }, { category: "general", text: "Misinterpretation of Input", title: "CWE-115", }, { category: "general", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "general", text: "Improper Validation of Specified Type of Input", title: "CWE-1287", }, { category: "general", text: "Insecure Storage of Sensitive Information", title: "CWE-922", }, { category: "general", text: "Integer Underflow (Wrap or Wraparound)", title: "CWE-191", }, { category: "general", text: "Insufficient Granularity of Access Control", title: "CWE-1220", }, { category: "general", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, { category: "general", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, { category: "general", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, { category: "general", text: "Expected Behavior Violation", title: "CWE-440", }, { category: "general", text: "Improper Validation of Syntactic Correctness of Input", title: "CWE-1286", }, { category: "general", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, { category: "general", text: "Reachable Assertion", title: "CWE-617", }, { category: "general", text: "Uncontrolled Search Path Element", title: "CWE-427", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Authentication Bypass Using an Alternate Path or Channel", title: "CWE-288", }, { category: "general", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "general", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", title: "CWE-757", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Incorrect Default Permissions", title: "CWE-276", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujan2025.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Database producten", tracking: { current_release_date: "2025-01-22T13:30:16.354373Z", id: "NCSC-2025-0020", initial_release_date: "2025-01-22T13:30:16.354373Z", revision_history: [ { date: "2025-01-22T13:30:16.354373Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "graal_development_kit_for_micronaut", product: { name: "graal_development_kit_for_micronaut", product_id: "CSAFPID-1751216", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graal_development_kit_for_micronaut:23.5-23.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_data_mining", product: { name: "database_-_data_mining", product_id: "CSAFPID-1751200", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_data_mining:19.3-19.25:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_data_mining", product: { name: "database_-_data_mining", product_id: "CSAFPID-1751199", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_data_mining:21.3-21.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_migration_assistant_for_unicode", product: { name: "database_migration_assistant_for_unicode", product_id: "CSAFPID-1751212", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_migration_assistant_for_unicode:19.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_server", product: { name: "database_server", product_id: "CSAFPID-1503604", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_graalvm_multilingual_engine", product: { name: "database_-_graalvm_multilingual_engine", product_id: "CSAFPID-1751223", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:21.4-21.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "database_-_graalvm_multilingual_engine", product: { name: "database_-_graalvm_multilingual_engine", product_id: "CSAFPID-1751224", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:23.5-23.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-1503575", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "application_express", product: { name: "application_express", product_id: "CSAFPID-1673188", product_identification_helper: { cpe: "cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-342816", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-816845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1650825", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1751298", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate_big_data_and_application_adapters", product: { name: "goldengate_big_data_and_application_adapters", product_id: "CSAFPID-1751299", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1650767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.23.0.0.240716:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-485902", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503736", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:19.23.0.0.240716:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503739", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1751093", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1751094", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:23.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1751095", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:23.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1751204", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:23.4-23.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1503738", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1751203", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.3-21.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "goldengate", product: { name: "goldengate", product_id: "CSAFPID-1650765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:goldengate:21.3-21.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "rest_data_services", product: { name: "rest_data_services", product_id: "CSAFPID-711746", product_identification_helper: { cpe: "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "rest_data_services", product: { name: "rest_data_services", product_id: "CSAFPID-1751305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:rest_data_services:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "rest_data_services", product: { name: "rest_data_services", product_id: "CSAFPID-1751304", product_identification_helper: { cpe: "cpe:2.3:a:oracle:rest_data_services:24.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-667692", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-345049", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-611417", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "secure_backup", product: { name: "secure_backup", product_id: "CSAFPID-1673422", product_identification_helper: { cpe: "cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2024-38998", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1673188", "CSAFPID-1751204", "CSAFPID-1751203", ], }, references: [ { category: "self", summary: "CVE-2024-38998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1673188", "CSAFPID-1751204", "CSAFPID-1751203", ], }, ], title: "CVE-2024-38998", }, { cve: "CVE-2024-38999", cwe: { id: "CWE-1321", name: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", }, notes: [ { category: "other", text: "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')", title: "CWE-1321", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1673188", "CSAFPID-1751204", "CSAFPID-1751203", ], }, references: [ { category: "self", summary: "CVE-2024-38999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1673188", "CSAFPID-1751204", "CSAFPID-1751203", ], }, ], title: "CVE-2024-38999", }, { cve: "CVE-2024-45490", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Incorrect Calculation of Buffer Size", title: "CWE-131", }, { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], references: [ { category: "self", summary: "CVE-2024-45490", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json", }, ], title: "CVE-2024-45490", }, { cve: "CVE-2024-45491", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], references: [ { category: "self", summary: "CVE-2024-45491", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json", }, ], title: "CVE-2024-45491", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], title: "CVE-2024-45492", }, { cve: "CVE-2024-45772", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], references: [ { category: "self", summary: "CVE-2024-45772", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45772.json", }, ], title: "CVE-2024-45772", }, { cve: "CVE-2024-47554", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2024-47554", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json", }, ], title: "CVE-2024-47554", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-1650825", "CSAFPID-1751298", "CSAFPID-1751299", ], }, references: [ { category: "self", summary: "CVE-2024-47561", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650825", "CSAFPID-1751298", "CSAFPID-1751299", ], }, ], title: "CVE-2024-47561", }, { cve: "CVE-2024-50379", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, ], references: [ { category: "self", summary: "CVE-2024-50379", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50379.json", }, ], title: "CVE-2024-50379", }, { cve: "CVE-2024-52316", cwe: { id: "CWE-391", name: "Unchecked Error Condition", }, notes: [ { category: "other", text: "Unchecked Error Condition", title: "CWE-391", }, { category: "other", text: "Authentication Bypass Using an Alternate Path or Channel", title: "CWE-288", }, ], references: [ { category: "self", summary: "CVE-2024-52316", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52316.json", }, ], title: "CVE-2024-52316", }, { cve: "CVE-2024-54677", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2024-54677", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54677.json", }, ], title: "CVE-2024-54677", }, { cve: "CVE-2024-56337", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, ], references: [ { category: "self", summary: "CVE-2024-56337", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json", }, ], title: "CVE-2024-56337", }, { cve: "CVE-2025-21553", references: [ { category: "self", summary: "CVE-2025-21553", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21553.json", }, ], title: "CVE-2025-21553", }, { cve: "CVE-2025-21557", product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1673188", ], }, references: [ { category: "self", summary: "CVE-2025-21557", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21557.json", }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1673188", ], }, ], title: "CVE-2025-21557", }, { cve: "CVE-2022-26345", cwe: { id: "CWE-427", name: "Uncontrolled Search Path Element", }, notes: [ { category: "other", text: "Uncontrolled Search Path Element", title: "CWE-427", }, ], product_status: { known_affected: [ "CSAFPID-1751199", "CSAFPID-1751200", ], }, references: [ { category: "self", summary: "CVE-2022-26345", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-26345.json", }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751199", "CSAFPID-1751200", ], }, ], title: "CVE-2022-26345", }, { cve: "CVE-2023-27043", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2023-27043", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-27043.json", }, ], title: "CVE-2023-27043", }, { cve: "CVE-2023-36730", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1751203", "CSAFPID-1751204", ], }, references: [ { category: "self", summary: "CVE-2023-36730", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36730.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751203", "CSAFPID-1751204", ], }, ], title: "CVE-2023-36730", }, { cve: "CVE-2023-36785", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { category: "other", text: "Integer Underflow (Wrap or Wraparound)", title: "CWE-191", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1751203", "CSAFPID-1751204", ], }, references: [ { category: "self", summary: "CVE-2023-36785", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36785.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751203", "CSAFPID-1751204", ], }, ], title: "CVE-2023-36785", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "other", text: "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", title: "CWE-757", }, { category: "other", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, ], product_status: { known_affected: [ "CSAFPID-1650765", "CSAFPID-1650767", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-711746", "CSAFPID-816845", "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-1751212", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1650765", "CSAFPID-1650767", "CSAFPID-342816", "CSAFPID-667692", "CSAFPID-711746", "CSAFPID-816845", "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-1751212", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-342816", "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-816845", "CSAFPID-711746", "CSAFPID-1751216", ], }, references: [ { category: "self", summary: "CVE-2023-52428", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-342816", "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-816845", "CSAFPID-711746", "CSAFPID-1751216", ], }, ], title: "CVE-2023-52428", }, { cve: "CVE-2024-2961", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-711746", ], }, references: [ { category: "self", summary: "CVE-2024-2961", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-711746", ], }, ], title: "CVE-2024-2961", }, { cve: "CVE-2024-4030", cwe: { id: "CWE-276", name: "Incorrect Default Permissions", }, notes: [ { category: "other", text: "Incorrect Default Permissions", title: "CWE-276", }, ], references: [ { category: "self", summary: "CVE-2024-4030", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4030.json", }, ], title: "CVE-2024-4030", }, { cve: "CVE-2024-4032", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, notes: [ { category: "other", text: "Expected Behavior Violation", title: "CWE-440", }, ], references: [ { category: "self", summary: "CVE-2024-4032", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4032.json", }, ], title: "CVE-2024-4032", }, { cve: "CVE-2024-6232", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, ], references: [ { category: "self", summary: "CVE-2024-6232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json", }, ], title: "CVE-2024-6232", }, { cve: "CVE-2024-6763", cwe: { id: "CWE-1286", name: "Improper Validation of Syntactic Correctness of Input", }, notes: [ { category: "other", text: "Improper Validation of Syntactic Correctness of Input", title: "CWE-1286", }, ], product_status: { known_affected: [ "CSAFPID-1751304", "CSAFPID-1751305", ], }, references: [ { category: "self", summary: "CVE-2024-6763", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6763.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1751304", "CSAFPID-1751305", ], }, ], title: "CVE-2024-6763", }, { cve: "CVE-2024-6923", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, ], references: [ { category: "self", summary: "CVE-2024-6923", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6923.json", }, ], title: "CVE-2024-6923", }, { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], references: [ { category: "self", summary: "CVE-2024-7254", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json", }, ], title: "CVE-2024-7254", }, { cve: "CVE-2024-7592", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2024-7592", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json", }, ], title: "CVE-2024-7592", }, { cve: "CVE-2024-8088", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], references: [ { category: "self", summary: "CVE-2024-8088", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8088.json", }, ], title: "CVE-2024-8088", }, { cve: "CVE-2024-8927", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Insufficient Granularity of Access Control", title: "CWE-1220", }, ], product_status: { known_affected: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, references: [ { category: "self", summary: "CVE-2024-8927", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8927.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673422", "CSAFPID-345049", "CSAFPID-611417", ], }, ], title: "CVE-2024-8927", }, { cve: "CVE-2024-11053", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], references: [ { category: "self", summary: "CVE-2024-11053", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11053.json", }, ], title: "CVE-2024-11053", }, { cve: "CVE-2024-21211", cwe: { id: "CWE-922", name: "Insecure Storage of Sensitive Information", }, notes: [ { category: "other", text: "Insecure Storage of Sensitive Information", title: "CWE-922", }, ], product_status: { known_affected: [ "CSAFPID-1751223", "CSAFPID-1751224", ], }, references: [ { category: "self", summary: "CVE-2024-21211", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21211.json", }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1751223", "CSAFPID-1751224", ], }, ], title: "CVE-2024-21211", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-1650825", "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-711746", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1650825", "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-711746", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-24789", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Improper Validation of Specified Type of Input", title: "CWE-1287", }, ], references: [ { category: "self", summary: "CVE-2024-24789", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24789.json", }, ], title: "CVE-2024-24789", }, { cve: "CVE-2024-24790", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Misinterpretation of Input", title: "CWE-115", }, { category: "other", text: "Improper Validation of Specified Type of Input", title: "CWE-1287", }, ], references: [ { category: "self", summary: "CVE-2024-24790", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24790.json", }, ], title: "CVE-2024-24790", }, { cve: "CVE-2024-24791", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2024-24791", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24791.json", }, ], title: "CVE-2024-24791", }, { cve: "CVE-2024-28757", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, notes: [ { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "other", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-711746", ], }, references: [ { category: "self", summary: "CVE-2024-28757", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28757.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1503575", "CSAFPID-1503604", "CSAFPID-342816", "CSAFPID-816845", "CSAFPID-711746", ], }, ], title: "CVE-2024-28757", }, { cve: "CVE-2024-33599", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], references: [ { category: "self", summary: "CVE-2024-33599", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33599.json", }, ], title: "CVE-2024-33599", }, { cve: "CVE-2024-33600", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2024-33600", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33600.json", }, ], title: "CVE-2024-33600", }, { cve: "CVE-2024-33601", cwe: { id: "CWE-703", name: "Improper Check or Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, { category: "other", text: "Reachable Assertion", title: "CWE-617", }, ], references: [ { category: "self", summary: "CVE-2024-33601", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33601.json", }, ], title: "CVE-2024-33601", }, { cve: "CVE-2024-33602", cwe: { id: "CWE-466", name: "Return of Pointer Value Outside of Expected Range", }, notes: [ { category: "other", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "other", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, ], references: [ { category: "self", summary: "CVE-2024-33602", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json", }, ], title: "CVE-2024-33602", }, { cve: "CVE-2024-38819", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1650825", ], }, references: [ { category: "self", summary: "CVE-2024-38819", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1650825", ], }, ], title: "CVE-2024-38819", }, { cve: "CVE-2024-38820", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, ], product_status: { known_affected: [ "CSAFPID-1650825", ], }, references: [ { category: "self", summary: "CVE-2024-38820", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650825", ], }, ], title: "CVE-2024-38820", }, ], }
ghsa-78wr-2p64-hpwj
Vulnerability from github
Published
2024-10-03 12:30
Modified
2025-01-31 15:30
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
Details
Uncontrolled Resource Consumption vulnerability in Apache Commons IO.
The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.
This issue affects Apache Commons IO: from 2.0 before 2.14.0.
Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
{ affected: [ { package: { ecosystem: "Maven", name: "commons-io:commons-io", }, ranges: [ { events: [ { introduced: "2.0", }, { fixed: "2.14.0", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2024-47554", ], database_specific: { cwe_ids: [ "CWE-400", ], github_reviewed: true, github_reviewed_at: "2024-10-03T16:52:23Z", nvd_published_at: "2024-10-03T12:15:02Z", severity: "HIGH", }, details: "Uncontrolled Resource Consumption vulnerability in Apache Commons IO.\n\nThe `org.apache.commons.io.input.XmlStreamReader` class may excessively consume CPU resources when processing maliciously crafted input.\n\n\nThis issue affects Apache Commons IO: from 2.0 before 2.14.0.\n\nUsers are recommended to upgrade to version 2.14.0 or later, which fixes the issue.", id: "GHSA-78wr-2p64-hpwj", modified: "2025-01-31T15:30:42Z", published: "2024-10-03T12:30:48Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-47554", }, { type: "PACKAGE", url: "https://github.com/apache/commons-io", }, { type: "WEB", url: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", }, { type: "WEB", url: "https://security.netapp.com/advisory/ntap-20250131-0010", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2024/10/03/2", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, { score: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", type: "CVSS_V4", }, ], summary: "Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader", }
wid-sec-w-2024-3082
Vulnerability from csaf_certbund
Published
2024-10-03 22:00
Modified
2024-12-16 23:00
Summary
Apache Commons IO: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apache Commons ist ein Apache-Projekt, das alle Aspekte der wiederverwendbaren Java-Komponenten behandelt.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Commons IO ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Apache Commons ist ein Apache-Projekt, das alle Aspekte der wiederverwendbaren Java-Komponenten behandelt.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Apache Commons IO ausnutzen, um einen Denial of Service Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3082 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3082.json", }, { category: "self", summary: "WID-SEC-2024-3082 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3082", }, { category: "external", summary: "GitHub Advisory Database vom 2024-10-03", url: "https://github.com/advisories/GHSA-78wr-2p64-hpwj", }, { category: "external", summary: "Red Hat Bugtracker #2316271 vom 2024-10-03", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2316271", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-5D581B2365 vom 2024-10-04", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5d581b2365", }, { category: "external", summary: "IBM Security Bulletin 7172522 vom 2024-10-08", url: "https://www.ibm.com/support/pages/node/7172522", }, { category: "external", summary: "openSUSE Security Update OPENSUSE-SU-2024:14387-1 vom 2024-10-09", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/JRY5QEEISAVBMYG363PQWMMY2EMLEE5E/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3596-1 vom 2024-10-11", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019590.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:9571 vom 2024-11-13", url: "https://access.redhat.com/errata/RHSA-2024:9571", }, { category: "external", summary: "IBM Security Bulletin 7176463 vom 2024-11-19", url: "https://www.ibm.com/support/pages/node/7176463", }, { category: "external", summary: "IBM Security Bulletin 7176963 vom 2024-11-22", url: "https://www.ibm.com/support/pages/node/7176963", }, { category: "external", summary: "HCL Article KB0117576 vom 2024-12-04", url: "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0117576", }, { category: "external", summary: "IBM Security Bulletin 7176903 vom 2024-12-05", url: "https://www.ibm.com/support/pages/node/7176903", }, { category: "external", summary: "IBM Security Bulletin 7178253 vom 2024-12-09", url: "https://www.ibm.com/support/pages/node/7178253", }, { category: "external", summary: "IBM Security Bulletin 7179125 vom 2024-12-17", url: "https://www.ibm.com/support/pages/node/7179125", }, ], source_lang: "en-US", title: "Apache Commons IO: Schwachstelle ermöglicht Denial of Service", tracking: { current_release_date: "2024-12-16T23:00:00.000+00:00", generator: { date: "2024-12-17T09:12:34.991+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-3082", initial_release_date: "2024-10-03T22:00:00.000+00:00", revision_history: [ { date: "2024-10-03T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-10-07T22:00:00.000+00:00", number: "2", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-10-09T22:00:00.000+00:00", number: "3", summary: "Neue Updates von openSUSE aufgenommen", }, { date: "2024-10-13T22:00:00.000+00:00", number: "4", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-11-13T23:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-18T23:00:00.000+00:00", number: "6", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-11-24T23:00:00.000+00:00", number: "7", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-12-04T23:00:00.000+00:00", number: "8", summary: "Neue Updates von HCL aufgenommen", }, { date: "2024-12-05T23:00:00.000+00:00", number: "9", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-12-09T23:00:00.000+00:00", number: "10", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-12-16T23:00:00.000+00:00", number: "11", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "11", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "IO <2.14.0", product: { name: "Apache Commons IO <2.14.0", product_id: "T037949", }, }, { category: "product_version", name: "IO 2.14.0", product: { name: "Apache Commons IO 2.14.0", product_id: "T037949-fixed", product_identification_helper: { cpe: "cpe:/a:apache:commons:io__2.14.0", }, }, }, { category: "product_version_range", name: "IO >=2.0", product: { name: "Apache Commons IO >=2.0", product_id: "T037950", }, }, { category: "product_version_range", name: "IO >=2.0", product: { name: "Apache Commons IO >=2.0", product_id: "T037950-fixed", }, }, ], category: "product_name", name: "Commons", }, ], category: "vendor", name: "Apache", }, { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { branches: [ { category: "product_version_range", name: "<9.1.17.0", product: { name: "HCL Commerce <9.1.17.0", product_id: "T039584", }, }, { category: "product_version", name: "9.1.17.0", product: { name: "HCL Commerce 9.1.17.0", product_id: "T039584-fixed", product_identification_helper: { cpe: "cpe:/a:hcltechsw:commerce:9.1.17.0", }, }, }, ], category: "product_name", name: "Commerce", }, ], category: "vendor", name: "HCL", }, { branches: [ { category: "product_name", name: "IBM App Connect Enterprise", product: { name: "IBM App Connect Enterprise", product_id: "T032495", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:-", }, }, }, { branches: [ { category: "product_version", name: "9", product: { name: "IBM InfoSphere Identity Insight 9.0", product_id: "723109", product_identification_helper: { cpe: "cpe:/a:ibm:infosphere_identity_insight:9.0", }, }, }, { category: "product_version", name: "9.1", product: { name: "IBM InfoSphere Identity Insight 9.1", product_id: "T024310", product_identification_helper: { cpe: "cpe:/a:ibm:infosphere_identity_insight:9.1", }, }, }, { category: "product_version", name: "10", product: { name: "IBM InfoSphere Identity Insight 10.0", product_id: "T024311", product_identification_helper: { cpe: "cpe:/a:ibm:infosphere_identity_insight:10.0", }, }, }, ], category: "product_name", name: "InfoSphere Identity Insight", }, { branches: [ { category: "product_version", name: "11.7", product: { name: "IBM InfoSphere Information Server 11.7", product_id: "444803", product_identification_helper: { cpe: "cpe:/a:ibm:infosphere_information_server:11.7", }, }, }, ], category: "product_name", name: "InfoSphere Information Server", }, { category: "product_name", name: "IBM Integration Bus", product: { name: "IBM Integration Bus", product_id: "T039654", product_identification_helper: { cpe: "cpe:/a:ibm:integration_bus:for_zos", }, }, }, { category: "product_name", name: "IBM Operational Decision Manager", product: { name: "IBM Operational Decision Manager", product_id: "T005180", product_identification_helper: { cpe: "cpe:/a:ibm:operational_decision_manager:-", }, }, }, { branches: [ { category: "product_version_range", name: "WebGUI <8.1.0 Fix Pack 34", product: { name: "IBM Tivoli Netcool/OMNIbus WebGUI <8.1.0 Fix Pack 34", product_id: "T039247", }, }, { category: "product_version", name: "WebGUI 8.1.0 Fix Pack 34", product: { name: "IBM Tivoli Netcool/OMNIbus WebGUI 8.1.0 Fix Pack 34", product_id: "T039247-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:tivoli_netcool%2fomnibus:webgui__8.1.0_fix_pack_34", }, }, }, ], category: "product_name", name: "Tivoli Netcool/OMNIbus", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, { category: "product_name", name: "SUSE openSUSE", product: { name: "SUSE openSUSE", product_id: "T027843", product_identification_helper: { cpe: "cpe:/o:suse:opensuse:-", }, }, }, ], category: "vendor", name: "SUSE", }, ], }, vulnerabilities: [ { cve: "CVE-2024-47554", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Apache Commons IO bezüglich der \"org.apache.commons.io.input.XmlStreamReader\" Klasse. Eingaben werden nicht ausreichend bereinigt. Ein entfernter, anonymer Angreifer kann durch speziell gestaltete Eingaben die vorhandenen CPU Ressourcen verbrauchen und damit einen Denial of Service Zustand herbeiführen.", }, ], product_status: { known_affected: [ "T037949", "67646", "74185", "T039247", "T039654", "T032495", "723109", "T039584", "T002207", "444803", "T024311", "T027843", "T005180", "T024310", ], }, release_date: "2024-10-03T22:00:00.000+00:00", title: "CVE-2024-47554", }, ], }
wid-sec-w-2025-0001
Vulnerability from csaf_certbund
Published
2025-01-01 23:00
Modified
2025-01-06 23:00
Summary
IBM DB2: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.
Angriff
Ein entfernter oder lokaler Angreifer kann mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter oder lokaler Angreifer kann mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2025-0001 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0001.json", }, { category: "self", summary: "WID-SEC-2025-0001 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0001", }, { category: "external", summary: "IBM Security Bulletin vom 2025-01-01", url: "https://www.ibm.com/support/pages/node/7180105", }, { category: "external", summary: "IBM Security Bulletin 7180361 vom 2025-01-07", url: "https://www.ibm.com/support/pages/node/7180361", }, ], source_lang: "en-US", title: "IBM DB2: Mehrere Schwachstellen", tracking: { current_release_date: "2025-01-06T23:00:00.000+00:00", generator: { date: "2025-01-07T11:42:20.646+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2025-0001", initial_release_date: "2025-01-01T23:00:00.000+00:00", revision_history: [ { date: "2025-01-01T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2025-01-06T23:00:00.000+00:00", number: "2", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<5.1.0", product: { name: "IBM DB2 <5.1.0", product_id: "T039987", }, }, { category: "product_version", name: "5.1.0", product: { name: "IBM DB2 5.1.0", product_id: "T039987-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:db2:5.1.0", }, }, }, { category: "product_version_range", name: "Warehouse <5.1.0", product: { name: "IBM DB2 Warehouse <5.1.0", product_id: "T039988", }, }, { category: "product_version", name: "Warehouse 5.1.0", product: { name: "IBM DB2 Warehouse 5.1.0", product_id: "T039988-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:db2:warehouse__5.1.0", }, }, }, ], category: "product_name", name: "DB2", }, { branches: [ { category: "product_version_range", name: "<10.1.6.4", product: { name: "IBM Spectrum Protect Plus <10.1.6.4", product_id: "T040030", }, }, { category: "product_version", name: "10.1.6.4", product: { name: "IBM Spectrum Protect Plus 10.1.6.4", product_id: "T040030-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:spectrum_protect_plus:10.1.6.4", }, }, }, ], category: "product_name", name: "Spectrum Protect Plus", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2021-32740", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2021-32740", }, { cve: "CVE-2021-41186", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2021-41186", }, { cve: "CVE-2022-0759", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2022-0759", }, { cve: "CVE-2022-24795", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2022-24795", }, { cve: "CVE-2022-31163", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2022-31163", }, { cve: "CVE-2023-39325", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2023-39325", }, { cve: "CVE-2023-41993", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2023-41993", }, { cve: "CVE-2023-45283", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2023-45283", }, { cve: "CVE-2023-45288", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2023-45288", }, { cve: "CVE-2023-6597", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2023-6597", }, { cve: "CVE-2024-0406", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-0406", }, { cve: "CVE-2024-20918", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-20918", }, { cve: "CVE-2024-20952", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-20952", }, { cve: "CVE-2024-2398", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-2398", }, { cve: "CVE-2024-24786", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-24786", }, { cve: "CVE-2024-27281", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-27281", }, { cve: "CVE-2024-2961", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-2961", }, { cve: "CVE-2024-29857", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-29857", }, { cve: "CVE-2024-33599", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-33599", }, { cve: "CVE-2024-33883", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-33883", }, { cve: "CVE-2024-37370", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-37370", }, { cve: "CVE-2024-37371", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-37371", }, { cve: "CVE-2024-37890", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-37890", }, { cve: "CVE-2024-39338", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-39338", }, { cve: "CVE-2024-4068", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-4068", }, { cve: "CVE-2024-41110", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-41110", }, { cve: "CVE-2024-41123", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-41123", }, { cve: "CVE-2024-41946", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-41946", }, { cve: "CVE-2024-45296", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-45296", }, { cve: "CVE-2024-45491", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-45491", }, { cve: "CVE-2024-45590", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-45590", }, { cve: "CVE-2024-47220", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-47220", }, { cve: "CVE-2024-47554", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-47554", }, { cve: "CVE-2024-6119", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-6119", }, { cve: "CVE-2024-6345", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM DB2 on Cloud Pak for Data. Diese existieren wegen unsachgemäßer Überprüfungen, sowie Fehlern in der Speicherbehandlung, Eingabevalidierung und Berechtigungsverwaltung bezüglich der genutzten Komponenten, wie z.B. Java SE, cURL, Bouncy Castle, Kerberos und expat. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T040030", "T039988", "T039987", ], }, release_date: "2025-01-01T23:00:00.000+00:00", title: "CVE-2024-6345", }, ], }
opensuse-su-2024:14387-1
Vulnerability from csaf_opensuse
Published
2024-10-08 00:00
Modified
2024-10-08 00:00
Summary
apache-commons-io-2.17.0-2.1 on GA media
Notes
Title of the patch
apache-commons-io-2.17.0-2.1 on GA media
Description of the patch
These are all security issues fixed in the apache-commons-io-2.17.0-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14387
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "apache-commons-io-2.17.0-2.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the apache-commons-io-2.17.0-2.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-14387", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14387-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2024:14387-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JRY5QEEISAVBMYG363PQWMMY2EMLEE5E/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2024:14387-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JRY5QEEISAVBMYG363PQWMMY2EMLEE5E/", }, { category: "self", summary: "SUSE CVE CVE-2024-47554 page", url: "https://www.suse.com/security/cve/CVE-2024-47554/", }, ], title: "apache-commons-io-2.17.0-2.1 on GA media", tracking: { current_release_date: "2024-10-08T00:00:00Z", generator: { date: "2024-10-08T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:14387-1", initial_release_date: "2024-10-08T00:00:00Z", revision_history: [ { date: "2024-10-08T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "apache-commons-io-2.17.0-2.1.aarch64", product: { name: "apache-commons-io-2.17.0-2.1.aarch64", product_id: "apache-commons-io-2.17.0-2.1.aarch64", }, }, { category: "product_version", name: "apache-commons-io-javadoc-2.17.0-2.1.aarch64", product: { name: "apache-commons-io-javadoc-2.17.0-2.1.aarch64", product_id: "apache-commons-io-javadoc-2.17.0-2.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "apache-commons-io-2.17.0-2.1.ppc64le", product: { name: "apache-commons-io-2.17.0-2.1.ppc64le", product_id: "apache-commons-io-2.17.0-2.1.ppc64le", }, }, { category: "product_version", name: "apache-commons-io-javadoc-2.17.0-2.1.ppc64le", product: { name: "apache-commons-io-javadoc-2.17.0-2.1.ppc64le", product_id: "apache-commons-io-javadoc-2.17.0-2.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "apache-commons-io-2.17.0-2.1.s390x", product: { name: "apache-commons-io-2.17.0-2.1.s390x", product_id: "apache-commons-io-2.17.0-2.1.s390x", }, }, { category: "product_version", name: "apache-commons-io-javadoc-2.17.0-2.1.s390x", product: { name: "apache-commons-io-javadoc-2.17.0-2.1.s390x", product_id: "apache-commons-io-javadoc-2.17.0-2.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "apache-commons-io-2.17.0-2.1.x86_64", product: { name: "apache-commons-io-2.17.0-2.1.x86_64", product_id: "apache-commons-io-2.17.0-2.1.x86_64", }, }, { category: "product_version", name: "apache-commons-io-javadoc-2.17.0-2.1.x86_64", product: { name: "apache-commons-io-javadoc-2.17.0-2.1.x86_64", product_id: "apache-commons-io-javadoc-2.17.0-2.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "apache-commons-io-2.17.0-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-io-2.17.0-2.1.aarch64", }, product_reference: "apache-commons-io-2.17.0-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-io-2.17.0-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-io-2.17.0-2.1.ppc64le", }, product_reference: "apache-commons-io-2.17.0-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-io-2.17.0-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-io-2.17.0-2.1.s390x", }, product_reference: "apache-commons-io-2.17.0-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-io-2.17.0-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-io-2.17.0-2.1.x86_64", }, product_reference: "apache-commons-io-2.17.0-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-io-javadoc-2.17.0-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-io-javadoc-2.17.0-2.1.aarch64", }, product_reference: "apache-commons-io-javadoc-2.17.0-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-io-javadoc-2.17.0-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-io-javadoc-2.17.0-2.1.ppc64le", }, product_reference: "apache-commons-io-javadoc-2.17.0-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-io-javadoc-2.17.0-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-io-javadoc-2.17.0-2.1.s390x", }, product_reference: "apache-commons-io-javadoc-2.17.0-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "apache-commons-io-javadoc-2.17.0-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:apache-commons-io-javadoc-2.17.0-2.1.x86_64", }, product_reference: "apache-commons-io-javadoc-2.17.0-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2024-47554", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-47554", }, ], notes: [ { category: "general", text: "Uncontrolled Resource Consumption vulnerability in Apache Commons IO.\n\nThe org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.\n\n\nThis issue affects Apache Commons IO: from 2.0 before 2.14.0.\n\nUsers are recommended to upgrade to version 2.14.0 or later, which fixes the issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:apache-commons-io-2.17.0-2.1.aarch64", "openSUSE Tumbleweed:apache-commons-io-2.17.0-2.1.ppc64le", "openSUSE Tumbleweed:apache-commons-io-2.17.0-2.1.s390x", "openSUSE Tumbleweed:apache-commons-io-2.17.0-2.1.x86_64", "openSUSE Tumbleweed:apache-commons-io-javadoc-2.17.0-2.1.aarch64", "openSUSE Tumbleweed:apache-commons-io-javadoc-2.17.0-2.1.ppc64le", "openSUSE Tumbleweed:apache-commons-io-javadoc-2.17.0-2.1.s390x", "openSUSE Tumbleweed:apache-commons-io-javadoc-2.17.0-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-47554", url: "https://www.suse.com/security/cve/CVE-2024-47554", }, { category: "external", summary: "SUSE Bug 1231298 for CVE-2024-47554", url: "https://bugzilla.suse.com/1231298", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:apache-commons-io-2.17.0-2.1.aarch64", "openSUSE Tumbleweed:apache-commons-io-2.17.0-2.1.ppc64le", "openSUSE Tumbleweed:apache-commons-io-2.17.0-2.1.s390x", "openSUSE Tumbleweed:apache-commons-io-2.17.0-2.1.x86_64", "openSUSE Tumbleweed:apache-commons-io-javadoc-2.17.0-2.1.aarch64", "openSUSE Tumbleweed:apache-commons-io-javadoc-2.17.0-2.1.ppc64le", "openSUSE Tumbleweed:apache-commons-io-javadoc-2.17.0-2.1.s390x", "openSUSE Tumbleweed:apache-commons-io-javadoc-2.17.0-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:apache-commons-io-2.17.0-2.1.aarch64", "openSUSE Tumbleweed:apache-commons-io-2.17.0-2.1.ppc64le", "openSUSE Tumbleweed:apache-commons-io-2.17.0-2.1.s390x", "openSUSE Tumbleweed:apache-commons-io-2.17.0-2.1.x86_64", "openSUSE Tumbleweed:apache-commons-io-javadoc-2.17.0-2.1.aarch64", "openSUSE Tumbleweed:apache-commons-io-javadoc-2.17.0-2.1.ppc64le", "openSUSE Tumbleweed:apache-commons-io-javadoc-2.17.0-2.1.s390x", "openSUSE Tumbleweed:apache-commons-io-javadoc-2.17.0-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-10-08T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-47554", }, ], }
fkie_cve-2024-47554
Vulnerability from fkie_nvd
Published
2024-10-03 12:15
Modified
2025-01-31 15:15
Severity ?
Summary
Uncontrolled Resource Consumption vulnerability in Apache Commons IO.
The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.
This issue affects Apache Commons IO: from 2.0 before 2.14.0.
Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
References
Impacted products
| Vendor | Product | Version |
|---|
{ cveTags: [], descriptions: [ { lang: "en", value: "Uncontrolled Resource Consumption vulnerability in Apache Commons IO.\n\nThe org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.\n\n\nThis issue affects Apache Commons IO: from 2.0 before 2.14.0.\n\nUsers are recommended to upgrade to version 2.14.0 or later, which fixes the issue.", }, { lang: "es", value: "Vulnerabilidad de consumo descontrolado de recursos en Apache Commons IO. La clase org.apache.commons.io.input.XmlStreamReader puede consumir recursos de CPU en exceso al procesar una entrada manipulada con fines malintencionados. Este problema afecta a Apache Commons IO: desde la versión 2.0 hasta la 2.14.0. Se recomienda a los usuarios que actualicen a la versión 2.14.0 o posterior, que soluciona el problema.", }, ], id: "CVE-2024-47554", lastModified: "2025-01-31T15:15:13.520", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-03T12:15:02.613", references: [ { source: "security@apache.org", url: "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/10/03/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20250131-0010/", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "security@apache.org", type: "Secondary", }, ], }
suse-su-2024:3596-1
Vulnerability from csaf_suse
Published
2024-10-11 08:38
Modified
2024-10-11 08:38
Summary
Security update for apache-commons-io
Notes
Title of the patch
Security update for apache-commons-io
Description of the patch
This update for apache-commons-io fixes the following issues:
Upgrade to 2.17.0:
- CVE-2024-47554: Fixed untrusted input to XmlStreamReader can lead to uncontrolled resource consumption (bsc#1231298)
Other changes:
- https://commons.apache.org/proper/commons-io/changes-report.html#a2.17.0
Patchnames
SUSE-2024-3596,SUSE-SLE-SDK-12-SP5-2024-3596,SUSE-SLE-SERVER-12-SP5-2024-3596
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for apache-commons-io", title: "Title of the patch", }, { category: "description", text: "This update for apache-commons-io fixes the following issues:\n\nUpgrade to 2.17.0:\n\n- CVE-2024-47554: Fixed untrusted input to XmlStreamReader can lead to uncontrolled resource consumption (bsc#1231298)\n\nOther changes:\n- https://commons.apache.org/proper/commons-io/changes-report.html#a2.17.0\n \n", title: "Description of the patch", }, { category: "details", text: "SUSE-2024-3596,SUSE-SLE-SDK-12-SP5-2024-3596,SUSE-SLE-SERVER-12-SP5-2024-3596", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3596-1.json", }, { category: "self", summary: "URL for SUSE-SU-2024:3596-1", url: "https://www.suse.com/support/update/announcement/2024/suse-su-20243596-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2024:3596-1", url: "https://lists.suse.com/pipermail/sle-updates/2024-October/037218.html", }, { category: "self", summary: "SUSE Bug 1231298", url: "https://bugzilla.suse.com/1231298", }, { category: "self", summary: "SUSE CVE CVE-2024-47554 page", url: "https://www.suse.com/security/cve/CVE-2024-47554/", }, ], title: "Security update for apache-commons-io", tracking: { current_release_date: "2024-10-11T08:38:55Z", generator: { date: "2024-10-11T08:38:55Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2024:3596-1", initial_release_date: "2024-10-11T08:38:55Z", revision_history: [ { date: "2024-10-11T08:38:55Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "apache-commons-io-2.17.0-11.3.1.noarch", product: { name: "apache-commons-io-2.17.0-11.3.1.noarch", product_id: "apache-commons-io-2.17.0-11.3.1.noarch", }, }, { category: "product_version", name: "apache-commons-io-javadoc-2.17.0-11.3.1.noarch", product: { name: "apache-commons-io-javadoc-2.17.0-11.3.1.noarch", product_id: "apache-commons-io-javadoc-2.17.0-11.3.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP5", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP5", product: { name: "SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "apache-commons-io-2.17.0-11.3.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:apache-commons-io-2.17.0-11.3.1.noarch", }, product_reference: "apache-commons-io-2.17.0-11.3.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "apache-commons-io-2.17.0-11.3.1.noarch as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:apache-commons-io-2.17.0-11.3.1.noarch", }, product_reference: "apache-commons-io-2.17.0-11.3.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "apache-commons-io-2.17.0-11.3.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:apache-commons-io-2.17.0-11.3.1.noarch", }, product_reference: "apache-commons-io-2.17.0-11.3.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2024-47554", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-47554", }, ], notes: [ { category: "general", text: "Uncontrolled Resource Consumption vulnerability in Apache Commons IO.\n\nThe org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.\n\n\nThis issue affects Apache Commons IO: from 2.0 before 2.14.0.\n\nUsers are recommended to upgrade to version 2.14.0 or later, which fixes the issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:apache-commons-io-2.17.0-11.3.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:apache-commons-io-2.17.0-11.3.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:apache-commons-io-2.17.0-11.3.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2024-47554", url: "https://www.suse.com/security/cve/CVE-2024-47554", }, { category: "external", summary: "SUSE Bug 1231298 for CVE-2024-47554", url: "https://bugzilla.suse.com/1231298", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:apache-commons-io-2.17.0-11.3.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:apache-commons-io-2.17.0-11.3.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:apache-commons-io-2.17.0-11.3.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:apache-commons-io-2.17.0-11.3.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:apache-commons-io-2.17.0-11.3.1.noarch", "SUSE Linux Enterprise Software Development Kit 12 SP5:apache-commons-io-2.17.0-11.3.1.noarch", ], }, ], threats: [ { category: "impact", date: "2024-10-11T08:38:55Z", details: "moderate", }, ], title: "CVE-2024-47554", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.