Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-30280 (GCVE-0-2025-30280)
Vulnerability from cvelistv5 – Published: 2025-04-08 08:22 – Updated: 2025-06-10 15:17
VLAI?
EPSS
Summary
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions < V10.12.16), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime V10.6 (All versions < V10.6.22), Mendix Runtime V8 (All versions < V8.18.35), Mendix Runtime V9 (All versions < V9.24.34). Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.
Severity ?
5.3 (Medium)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Mendix Runtime V10 |
Affected:
0 , < V10.21.0
(custom)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T13:10:20.606472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T13:12:03.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Mendix Runtime V10",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V10.21.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Runtime V10.12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V10.12.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Runtime V10.18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V10.18.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Runtime V10.6",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V10.6.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Runtime V8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.18.35",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Runtime V9",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.24.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix Runtime V10 (All versions \u003c V10.21.0), Mendix Runtime V10.12 (All versions \u003c V10.12.16), Mendix Runtime V10.18 (All versions \u003c V10.18.5), Mendix Runtime V10.6 (All versions \u003c V10.6.22), Mendix Runtime V8 (All versions \u003c V8.18.35), Mendix Runtime V9 (All versions \u003c V9.24.34). Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:17:23.562Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-874353.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-30280",
"datePublished": "2025-04-08T08:22:31.167Z",
"dateReserved": "2025-03-20T11:01:33.481Z",
"dateUpdated": "2025-06-10T15:17:23.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-30280\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2025-04-08T09:15:27.793\",\"lastModified\":\"2025-06-10T16:15:37.550\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in Mendix Runtime V10 (All versions \u003c V10.21.0), Mendix Runtime V10.12 (All versions \u003c V10.12.16), Mendix Runtime V10.18 (All versions \u003c V10.18.5), Mendix Runtime V10.6 (All versions \u003c V10.6.22), Mendix Runtime V8 (All versions \u003c V8.18.35), Mendix Runtime V9 (All versions \u003c V9.24.34). Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en Mendix Runtime V10 (todas las versiones anteriores a la V10.21.0), Mendix Runtime V10.12 (todas las versiones), Mendix Runtime V10.18 (todas las versiones), Mendix Runtime V10.6 (todas las versiones), Mendix Runtime V8 (todas las versiones) y Mendix Runtime V9 (todas las versiones anteriores a la V9.24.34). Las aplicaciones afectadas permiten la enumeraci\u00f3n de entidades debido a respuestas distinguibles en ciertas acciones del cliente. Esto podr\u00eda permitir que un atacante remoto no autenticado liste todas las entidades y nombres de atributos v\u00e1lidos de una aplicaci\u00f3n basada en Mendix Runtime.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-204\"}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-874353.html\",\"source\":\"productcert@siemens.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-30280\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-08T13:10:20.606472Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-08T13:11:57.875Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\"}}, {\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"Mendix Runtime V10\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V10.21.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Mendix Runtime V10.12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V10.12.16\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Mendix Runtime V10.18\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V10.18.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Mendix Runtime V10.6\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V10.6.22\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Mendix Runtime V8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V8.18.35\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Mendix Runtime V9\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.24.34\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-874353.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in Mendix Runtime V10 (All versions \u003c V10.21.0), Mendix Runtime V10.12 (All versions \u003c V10.12.16), Mendix Runtime V10.18 (All versions \u003c V10.18.5), Mendix Runtime V10.6 (All versions \u003c V10.6.22), Mendix Runtime V8 (All versions \u003c V8.18.35), Mendix Runtime V9 (All versions \u003c V9.24.34). Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-204\", \"description\": \"CWE-204: Observable Response Discrepancy\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2025-06-10T15:17:23.562Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-30280\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-10T15:17:23.562Z\", \"dateReserved\": \"2025-03-20T11:01:33.481Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2025-04-08T08:22:31.167Z\", \"assignerShortName\": \"siemens\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GHSA-F7J7-J734-VM9X
Vulnerability from github – Published: 2025-04-08 09:31 – Updated: 2025-04-08 09:31
VLAI?
Details
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions), Mendix Runtime V10.18 (All versions), Mendix Runtime V10.6 (All versions), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions < V9.24.34). Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.
Severity ?
5.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2025-30280"
],
"database_specific": {
"cwe_ids": [
"CWE-204"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T09:15:27Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in Mendix Runtime V10 (All versions \u003c V10.21.0), Mendix Runtime V10.12 (All versions), Mendix Runtime V10.18 (All versions), Mendix Runtime V10.6 (All versions), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions \u003c V9.24.34). Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.",
"id": "GHSA-f7j7-j734-vm9x",
"modified": "2025-04-08T09:31:12Z",
"published": "2025-04-08T09:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30280"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-874353.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
ICSA-25-105-01
Vulnerability from csaf_cisa - Published: 2025-04-08 00:00 - Updated: 2025-06-10 00:00Summary
Siemens Mendix Runtime
Notes
Summary
Mendix Runtime allows for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at:
https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Siemens ProductCERT SSA-874353 from a direct conversion of their vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Mendix Runtime allows for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-874353 from a direct conversion of their vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-874353: Entity Enumeration Vulnerability in Mendix Runtime - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-874353.json"
},
{
"category": "self",
"summary": "SSA-874353: Entity Enumeration Vulnerability in Mendix Runtime - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-874353.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-105-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-105-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-105-01 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Mendix Runtime",
"tracking": {
"current_release_date": "2025-06-10T00:00:00.000000Z",
"generator": {
"date": "2025-06-12T16:06:22.273628Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-105-01",
"initial_release_date": "2025-04-08T00:00:00.000000Z",
"revision_history": [
{
"date": "2025-04-08T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-04-10T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for Mendix Runtime V10.18"
},
{
"date": "2025-04-14T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added fix for Mendix Runtime V10.12 and V10.6"
},
{
"date": "2025-06-10T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added fix for Mendix Runtime V8"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.18.35",
"product": {
"name": "Mendix Runtime V8",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV9.24.34",
"product": {
"name": "Mendix Runtime V9",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V9"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV10.21.0",
"product": {
"name": "Mendix Runtime V10",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV10.6.22",
"product": {
"name": "Mendix Runtime V10.6",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10.6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV10.12.16",
"product": {
"name": "Mendix Runtime V10.12",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10.12"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV10.18.5",
"product": {
"name": "Mendix Runtime V10.18",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10.18"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-30280",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V10.12.16 or later version",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/10/"
},
{
"category": "vendor_fix",
"details": "Update to V10.18.5 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/"
},
{
"category": "vendor_fix",
"details": "Update to V10.21.0 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/10/"
},
{
"category": "vendor_fix",
"details": "Update to V10.6.22 or later version",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/10/"
},
{
"category": "vendor_fix",
"details": "Update to V8.18.35 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/8/"
},
{
"category": "vendor_fix",
"details": "Update to V9.24.34 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/9/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "CVE-2025-30280"
}
]
}
NCSC-2025-0106
Vulnerability from csaf_ncscnl - Published: 2025-04-08 13:57 - Updated: 2025-04-08 13:57Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Siemens heeft kwetsbaarheden verholpen in diverse producten als Industrial Edge Devices, Mendix, SENTRON, SIDIS, SIMATIC, SIPLUS,Insights Hub Private Cloud, Siemens License Server en Solid Edge.
Interpretaties
De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- Omzeilen van authenticatie
- (Remote) code execution (root/admin rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Toegang tot gevoelige gegevens
- Spoofing
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen
Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Dreigingsinformatie
Kans
medium
Schade
high
CWE-287
Improper Authentication
CWE-1240
Use of a Cryptographic Primitive with a Risky Implementation
CWE-606
Unchecked Input for Loop Condition
CWE-1395
Dependency on Vulnerable Third-Party Component
CWE-363
Race Condition Enabling Link Following
CWE-420
Unprotected Alternate Channel
CWE-684
Incorrect Provision of Specified Functionality
CWE-834
Excessive Iteration
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-440
Expected Behavior Violation
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-319
Cleartext Transmission of Sensitive Information
CWE-354
Improper Validation of Integrity Check Value
CWE-325
Missing Cryptographic Step
CWE-404
Improper Resource Shutdown or Release
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333
Inefficient Regular Expression Complexity
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE-400
Uncontrolled Resource Consumption
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-20
Improper Input Validation
CWE-1390
Weak Authentication
CWE-204
Observable Response Discrepancy
CWE-15
External Control of System or Configuration Setting
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-653
Improper Isolation or Compartmentalization
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-620
Unverified Password Change
CWE-798
Use of Hard-coded Credentials
CWE-269
Improper Privilege Management
CWE-295
Improper Certificate Validation
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Industrial Edge Devices, Mendix, SENTRON, SIDIS, SIMATIC, SIPLUS,Insights Hub Private Cloud, Siemens License Server en Solid Edge.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Omzeilen van authenticatie\n- (Remote) code execution (root/admin rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Toegang tot gevoelige gegevens\n- Spoofing\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "description",
"text": " ",
"title": "Dreigingsinformatie"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Use of a Cryptographic Primitive with a Risky Implementation",
"title": "CWE-1240"
},
{
"category": "general",
"text": "Unchecked Input for Loop Condition",
"title": "CWE-606"
},
{
"category": "general",
"text": "Dependency on Vulnerable Third-Party Component",
"title": "CWE-1395"
},
{
"category": "general",
"text": "Race Condition Enabling Link Following",
"title": "CWE-363"
},
{
"category": "general",
"text": "Unprotected Alternate Channel",
"title": "CWE-420"
},
{
"category": "general",
"text": "Incorrect Provision of Specified Functionality",
"title": "CWE-684"
},
{
"category": "general",
"text": "Excessive Iteration",
"title": "CWE-834"
},
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "general",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "general",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
},
{
"category": "general",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Use of a Broken or Risky Cryptographic Algorithm",
"title": "CWE-327"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Weak Authentication",
"title": "CWE-1390"
},
{
"category": "general",
"text": "Observable Response Discrepancy",
"title": "CWE-204"
},
{
"category": "general",
"text": "External Control of System or Configuration Setting",
"title": "CWE-15"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Isolation or Compartmentalization",
"title": "CWE-653"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Unverified Password Change",
"title": "CWE-620"
},
{
"category": "general",
"text": "Use of Hard-coded Credentials",
"title": "CWE-798"
},
{
"category": "general",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187636.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-277137.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-525431.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-634640.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672923.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-725549.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-819629.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-874353.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-817234.pdf"
}
],
"title": "Kwetsbaarheden verholpen in Siemens producten",
"tracking": {
"current_release_date": "2025-04-08T13:57:11.959816Z",
"generator": {
"date": "2025-02-25T15:15:00Z",
"engine": {
"name": "V.A.",
"version": "1.0"
}
},
"id": "NCSC-2025-0106",
"initial_release_date": "2025-04-08T13:57:11.959816Z",
"revision_history": [
{
"date": "2025-04-08T13:57:11.959816Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv1.21.1-1-a",
"product": {
"name": "vers:unknown/\u003cv1.21.1-1-a",
"product_id": "CSAFPID-2631845"
}
}
],
"category": "product_name",
"name": "Industrial Edge Own Device (IEOD)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv1.21.1-1",
"product": {
"name": "vers:unknown/\u003cv1.21.1-1",
"product_id": "CSAFPID-2631844"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.21"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv1.20.2-1",
"product": {
"name": "vers:unknown/\u003cv1.20.2-1",
"product_id": "CSAFPID-2631843"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631842"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631841"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631840"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - x86-64 V1.17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv1.21.1-1",
"product": {
"name": "vers:unknown/\u003cv1.21.1-1",
"product_id": "CSAFPID-2631839"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.21"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv1.20.2-1",
"product": {
"name": "vers:unknown/\u003cv1.20.2-1",
"product_id": "CSAFPID-2631838"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.20"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631837"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.19"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631836"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631835"
}
}
],
"category": "product_name",
"name": "Industrial Edge Device Kit - arm64 V1.17"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631900"
}
}
],
"category": "product_name",
"name": "SENTRON 7KT PAC1260 Data Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/4.0",
"product": {
"name": "vers:unknown/4.0",
"product_id": "CSAFPID-2632341"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/4.1",
"product": {
"name": "vers:unknown/4.1",
"product_id": "CSAFPID-2632342"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/4.2",
"product": {
"name": "vers:unknown/4.2",
"product_id": "CSAFPID-2632343"
}
}
],
"category": "product_name",
"name": "License Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv4.3",
"product": {
"name": "vers:unknown/\u003cv4.3",
"product_id": "CSAFPID-2631790"
}
}
],
"category": "product_name",
"name": "Siemens License Server (SLS)"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:siemens/224.0 update 12",
"product": {
"name": "vers:siemens/224.0 update 12",
"product_id": "CSAFPID-2632460"
}
},
{
"category": "product_version_range",
"name": "vers:siemens/225.0 update 3",
"product": {
"name": "vers:siemens/225.0 update 3",
"product_id": "CSAFPID-2632459"
}
}
],
"category": "product_name",
"name": "Solid Edge"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:siemens/v224.0 update 12",
"product": {
"name": "vers:siemens/v224.0 update 12",
"product_id": "CSAFPID-2632083"
}
}
],
"category": "product_name",
"name": "Solid_Edge_Se2024"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:siemens/2.0 sp1",
"product": {
"name": "vers:siemens/2.0 sp1",
"product_id": "CSAFPID-1211926"
}
}
],
"category": "product_name",
"name": "SINEC Network Management System"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/none",
"product": {
"name": "vers:unknown/none",
"product_id": "CSAFPID-2619361"
}
}
],
"category": "product_name",
"name": "Siemens Simatic S7-1500 Tm Mfp"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003e=3|\u003c312",
"product": {
"name": "vers:unknown/\u003e=3|\u003c312",
"product_id": "CSAFPID-1209122"
}
}
],
"category": "product_name",
"name": "Siemens Telecontrol Server Basic"
}
],
"category": "product_family",
"name": "Siemens"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv224.0update12",
"product": {
"name": "vers:unknown/\u003cv224.0update12",
"product_id": "CSAFPID-2631854"
}
}
],
"category": "product_name",
"name": "Solid Edge SE2024"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv225.0update3",
"product": {
"name": "vers:unknown/\u003cv225.0update3",
"product_id": "CSAFPID-2631855"
}
}
],
"category": "product_name",
"name": "Solid Edge SE2025"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv2.0.0",
"product": {
"name": "vers:unknown/\u003cv2.0.0",
"product_id": "CSAFPID-1296722"
}
}
],
"category": "product_name",
"name": "SIMATIC CFU DIQ"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv2.0",
"product": {
"name": "vers:unknown/\u003cv2.0",
"product_id": "CSAFPID-2631923"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv2.0.0",
"product": {
"name": "vers:unknown/\u003cv2.0.0",
"product_id": "CSAFPID-1296723"
}
}
],
"category": "product_name",
"name": "SIMATIC CFU PA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631924"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200AL IM 157-1 PN"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631925"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200M IM 153-4 PN IO HF"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631926"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200M IM 153-4 PN IO ST"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631927"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200MP IM 155-5 PN BA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631928"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200MP IM 155-5 PN HF"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631929"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200MP IM 155-5 PN ST"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631932"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200S IM 151-3 PN FO"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631933"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200S IM 151-3 PN HF"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631934"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200S IM 151-3 PN HS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631935"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200S IM 151-3 PN ST"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-1765658"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200S IM 151-8 PN/DP CPU"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-1765659"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200S IM 151-8F PN/DP CPU"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631856"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP CPU 1510SP F-1 PN"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631858"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP CPU 1510SP-1 PN"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631860"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP CPU 1512SP F-1 PN"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631862"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP CPU 1512SP-1 PN"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-1765660"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 MF HF"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631936"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN BA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv1.3",
"product": {
"name": "vers:unknown/\u003cv1.3",
"product_id": "CSAFPID-2631937"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631938"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN HF"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631939"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN HS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631940"
}
}
],
"category": "product_name",
"name": "SIMATIC ET 200SP IM 155-6 PN ST"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631920"
}
}
],
"category": "product_name",
"name": "SIDOOR ATD430W"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631921"
}
}
],
"category": "product_name",
"name": "SIDOOR ATE530G COATED"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631922"
}
}
],
"category": "product_name",
"name": "SIDOOR ATE530S COATED"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631967"
}
}
],
"category": "product_name",
"name": "SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631968"
}
}
],
"category": "product_name",
"name": "SIMOCODE pro V PROFINET"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631969"
}
}
],
"category": "product_name",
"name": "SINUMERIK 840D sl"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2632004"
}
}
],
"category": "product_name",
"name": "SIWAREX WP231"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2632005"
}
}
],
"category": "product_name",
"name": "SIWAREX WP241"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2632006"
}
}
],
"category": "product_name",
"name": "SIWAREX WP251"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2632007"
}
}
],
"category": "product_name",
"name": "SIWAREX WP521 ST"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2632008"
}
}
],
"category": "product_name",
"name": "SIWAREX WP522 ST"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631966"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-1765690"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-1765691"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv8.3",
"product": {
"name": "vers:unknown/\u003cv8.3",
"product_id": "CSAFPID-2459039"
}
}
],
"category": "product_name",
"name": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631970"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200M IM 153-4 PN IO HF"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631971"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200M IM 153-4 PN IO ST"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631972"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200MP IM 155-5 PN HF"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631973"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631974"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200MP IM 155-5 PN ST"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631975"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-1765700"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200S IM 151-8 PN/DP CPU"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-1765701"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200S IM 151-8F PN/DP CPU"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631976"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200S IM151-3 PN HF"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631977"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200S IM151-3 PN ST"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-1296980"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP CPU 1512SP F-1 PN"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631978"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN HF"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631979"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631980"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631981"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN ST"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631982"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN ST BA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631983"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631984"
}
}
],
"category": "product_name",
"name": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631985"
}
}
],
"category": "product_name",
"name": "SIPLUS HCS4200 CIM4210"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/10.16.0",
"product": {
"name": "vers:unknown/10.16.0",
"product_id": "CSAFPID-2632402"
}
}
],
"category": "product_name",
"name": "Mendix Runtime"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv10.21.0",
"product": {
"name": "vers:unknown/\u003cv10.21.0",
"product_id": "CSAFPID-2631802"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631803"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10.12"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631804"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10.18"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-2631805"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10.6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003c*",
"product": {
"name": "vers:unknown/\u003c*",
"product_id": "CSAFPID-1296837"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/\u003cv9.24.34",
"product": {
"name": "vers:unknown/\u003cv9.24.34",
"product_id": "CSAFPID-2631806"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V9"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21658",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "other",
"text": "Race Condition Enabling Link Following",
"title": "CWE-363"
},
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-21658",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-21658.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2022-21658"
},
{
"cve": "CVE-2023-2975",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "other",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
},
{
"category": "other",
"text": "Use of a Broken or Risky Cryptographic Algorithm",
"title": "CWE-327"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-2975",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2975.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2023-2975"
},
{
"cve": "CVE-2023-3446",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Unchecked Input for Loop Condition",
"title": "CWE-606"
},
{
"category": "other",
"text": "Use of a Cryptographic Primitive with a Risky Implementation",
"title": "CWE-1240"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-3446",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3446.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2023-3446"
},
{
"cve": "CVE-2023-3817",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Excessive Iteration",
"title": "CWE-834"
},
{
"category": "other",
"text": "Unchecked Input for Loop Condition",
"title": "CWE-606"
},
{
"category": "other",
"text": "Use of a Cryptographic Primitive with a Risky Implementation",
"title": "CWE-1240"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-3817",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3817.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2023-3817"
},
{
"cve": "CVE-2023-4807",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Expected Behavior Violation",
"title": "CWE-440"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-4807",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4807.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2023-4807"
},
{
"cve": "CVE-2023-5363",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"notes": [
{
"category": "other",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Incorrect Provision of Specified Functionality",
"title": "CWE-684"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5363",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5363.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2023-5363"
},
{
"cve": "CVE-2023-5678",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "other",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
},
{
"category": "other",
"text": "Unchecked Input for Loop Condition",
"title": "CWE-606"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5678",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json"
}
],
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2023-7104",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-7104",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7104.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2023-7104"
},
{
"cve": "CVE-2024-0056",
"cwe": {
"id": "CWE-420",
"name": "Unprotected Alternate Channel"
},
"notes": [
{
"category": "other",
"text": "Unprotected Alternate Channel",
"title": "CWE-420"
},
{
"category": "other",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0056",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0056.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2024-0056"
},
{
"cve": "CVE-2024-0232",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0232",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0232.json"
}
],
"title": "CVE-2024-0232"
},
{
"cve": "CVE-2024-0727",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0727",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0727.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2024-0727"
},
{
"cve": "CVE-2024-5535",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Dependency on Vulnerable Third-Party Component",
"title": "CWE-1395"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-5535",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2024-5535"
},
{
"cve": "CVE-2024-9143",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-9143",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json"
}
],
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2024-21319",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21319",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21319.json"
}
],
"title": "CVE-2024-21319"
},
{
"cve": "CVE-2024-23814",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23814",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23814.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2024-23814"
},
{
"cve": "CVE-2024-30105",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-30105",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30105.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2024-30105"
},
{
"cve": "CVE-2024-41788",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41788",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41788.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2024-41788"
},
{
"cve": "CVE-2024-41789",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41789",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41789.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2024-41789"
},
{
"cve": "CVE-2024-41790",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41790",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41790.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2024-41790"
},
{
"cve": "CVE-2024-41791",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41791",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41791.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2024-41791"
},
{
"cve": "CVE-2024-41792",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41792",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41792.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2024-41792"
},
{
"cve": "CVE-2024-41793",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41793",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41793.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2024-41793"
},
{
"cve": "CVE-2024-41794",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "other",
"text": "Use of Hard-coded Credentials",
"title": "CWE-798"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41794",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41794.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2024-41794"
},
{
"cve": "CVE-2024-41795",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2024-41795"
},
{
"cve": "CVE-2024-41796",
"cwe": {
"id": "CWE-620",
"name": "Unverified Password Change"
},
"notes": [
{
"category": "other",
"text": "Unverified Password Change",
"title": "CWE-620"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41796",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2024-41796"
},
{
"cve": "CVE-2024-54091",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-54091",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54091.json"
}
],
"title": "CVE-2024-54091"
},
{
"cve": "CVE-2024-54092",
"cwe": {
"id": "CWE-1390",
"name": "Weak Authentication"
},
"notes": [
{
"category": "other",
"text": "Weak Authentication",
"title": "CWE-1390"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-54092",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54092.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2024-54092"
},
{
"cve": "CVE-2025-30280",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"category": "other",
"text": "Observable Response Discrepancy",
"title": "CWE-204"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30280",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30280.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2025-30280"
},
{
"cve": "CVE-2025-1097",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "External Control of System or Configuration Setting",
"title": "CWE-15"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-1097",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-1097.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2025-1097"
},
{
"cve": "CVE-2025-24514",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "External Control of System or Configuration Setting",
"title": "CWE-15"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24514",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24514.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2025-24514"
},
{
"cve": "CVE-2025-24513",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24513",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24513.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2025-24513"
},
{
"cve": "CVE-2025-1974",
"cwe": {
"id": "CWE-653",
"name": "Improper Isolation or Compartmentalization"
},
"notes": [
{
"category": "other",
"text": "Improper Isolation or Compartmentalization",
"title": "CWE-653"
},
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-1974",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-1974.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2025-1974"
},
{
"cve": "CVE-2025-1098",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "External Control of System or Configuration Setting",
"title": "CWE-15"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-1098",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-1098.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2025-1098"
},
{
"cve": "CVE-2025-29999",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "other",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-29999",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-29999.json"
}
],
"title": "CVE-2025-29999"
},
{
"cve": "CVE-2025-30000",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-30000",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30000.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2631845",
"CSAFPID-2631844",
"CSAFPID-2631843",
"CSAFPID-2631842",
"CSAFPID-2631841",
"CSAFPID-2631840",
"CSAFPID-2631839",
"CSAFPID-2631838",
"CSAFPID-2631837",
"CSAFPID-2631836",
"CSAFPID-2631835",
"CSAFPID-2631900",
"CSAFPID-2632341",
"CSAFPID-2632342",
"CSAFPID-2632343",
"CSAFPID-2631790",
"CSAFPID-2632460",
"CSAFPID-2632459",
"CSAFPID-2631854",
"CSAFPID-2631855",
"CSAFPID-2632083",
"CSAFPID-1296722",
"CSAFPID-2631923",
"CSAFPID-1296723",
"CSAFPID-2631924",
"CSAFPID-2631925",
"CSAFPID-2631926",
"CSAFPID-2631927",
"CSAFPID-2631928",
"CSAFPID-2631929",
"CSAFPID-2631932",
"CSAFPID-2631933",
"CSAFPID-2631934",
"CSAFPID-2631935",
"CSAFPID-1765658",
"CSAFPID-1765659",
"CSAFPID-2631856",
"CSAFPID-2631858",
"CSAFPID-2631860",
"CSAFPID-2631862",
"CSAFPID-1765660",
"CSAFPID-2631936",
"CSAFPID-2631937",
"CSAFPID-2631938",
"CSAFPID-2631939",
"CSAFPID-2631940",
"CSAFPID-2631920",
"CSAFPID-2631921",
"CSAFPID-2631922",
"CSAFPID-2631967",
"CSAFPID-2631968",
"CSAFPID-2631969",
"CSAFPID-2632004",
"CSAFPID-2632005",
"CSAFPID-2632006",
"CSAFPID-2632007",
"CSAFPID-2632008",
"CSAFPID-2631966",
"CSAFPID-1765690",
"CSAFPID-1765691",
"CSAFPID-2459039",
"CSAFPID-2631970",
"CSAFPID-2631971",
"CSAFPID-2631972",
"CSAFPID-2631973",
"CSAFPID-2631974",
"CSAFPID-2631975",
"CSAFPID-1765700",
"CSAFPID-1765701",
"CSAFPID-2631976",
"CSAFPID-2631977",
"CSAFPID-1296980",
"CSAFPID-2631978",
"CSAFPID-2631979",
"CSAFPID-2631980",
"CSAFPID-2631981",
"CSAFPID-2631982",
"CSAFPID-2631983",
"CSAFPID-2631984",
"CSAFPID-2631985",
"CSAFPID-2632402",
"CSAFPID-2631802",
"CSAFPID-2631803",
"CSAFPID-2631804",
"CSAFPID-2631805",
"CSAFPID-1296837",
"CSAFPID-2631806",
"CSAFPID-1211926",
"CSAFPID-2619361",
"CSAFPID-1209122"
]
}
],
"title": "CVE-2025-30000"
}
]
}
FKIE_CVE-2025-30280
Vulnerability from fkie_nvd - Published: 2025-04-08 09:15 - Updated: 2025-06-10 16:15
Severity ?
Summary
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions < V10.12.16), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime V10.6 (All versions < V10.6.22), Mendix Runtime V8 (All versions < V8.18.35), Mendix Runtime V9 (All versions < V9.24.34). Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix Runtime V10 (All versions \u003c V10.21.0), Mendix Runtime V10.12 (All versions \u003c V10.12.16), Mendix Runtime V10.18 (All versions \u003c V10.18.5), Mendix Runtime V10.6 (All versions \u003c V10.6.22), Mendix Runtime V8 (All versions \u003c V8.18.35), Mendix Runtime V9 (All versions \u003c V9.24.34). Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Mendix Runtime V10 (todas las versiones anteriores a la V10.21.0), Mendix Runtime V10.12 (todas las versiones), Mendix Runtime V10.18 (todas las versiones), Mendix Runtime V10.6 (todas las versiones), Mendix Runtime V8 (todas las versiones) y Mendix Runtime V9 (todas las versiones anteriores a la V9.24.34). Las aplicaciones afectadas permiten la enumeraci\u00f3n de entidades debido a respuestas distinguibles en ciertas acciones del cliente. Esto podr\u00eda permitir que un atacante remoto no autenticado liste todas las entidades y nombres de atributos v\u00e1lidos de una aplicaci\u00f3n basada en Mendix Runtime."
}
],
"id": "CVE-2025-30280",
"lastModified": "2025-06-10T16:15:37.550",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "productcert@siemens.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
},
"published": "2025-04-08T09:15:27.793",
"references": [
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-874353.html"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-204"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
}
SSA-874353
Vulnerability from csaf_siemens - Published: 2025-04-08 00:00 - Updated: 2025-06-10 00:00Summary
SSA-874353: Entity Enumeration Vulnerability in Mendix Runtime
Notes
Summary
Mendix Runtime allows for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at:
https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Mendix Runtime allows for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-874353: Entity Enumeration Vulnerability in Mendix Runtime - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-874353.html"
},
{
"category": "self",
"summary": "SSA-874353: Entity Enumeration Vulnerability in Mendix Runtime - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-874353.json"
}
],
"title": "SSA-874353: Entity Enumeration Vulnerability in Mendix Runtime",
"tracking": {
"current_release_date": "2025-06-10T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-874353",
"initial_release_date": "2025-04-08T00:00:00Z",
"revision_history": [
{
"date": "2025-04-08T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-04-10T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for Mendix Runtime V10.18"
},
{
"date": "2025-04-14T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added fix for Mendix Runtime V10.12 and V10.6"
},
{
"date": "2025-06-10T00:00:00Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added fix for Mendix Runtime V8"
}
],
"status": "interim",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV8.18.35",
"product": {
"name": "Mendix Runtime V8",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV9.24.34",
"product": {
"name": "Mendix Runtime V9",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V9"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV10.21.0",
"product": {
"name": "Mendix Runtime V10",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV10.6.22",
"product": {
"name": "Mendix Runtime V10.6",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10.6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV10.12.16",
"product": {
"name": "Mendix Runtime V10.12",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10.12"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV10.18.5",
"product": {
"name": "Mendix Runtime V10.18",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10.18"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-30280",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "Affected applications allow for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V10.12.16 or later version",
"product_ids": [
"5"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/10/"
},
{
"category": "vendor_fix",
"details": "Update to V10.18.5 or later version",
"product_ids": [
"6"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/"
},
{
"category": "vendor_fix",
"details": "Update to V10.21.0 or later version",
"product_ids": [
"3"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/10/"
},
{
"category": "vendor_fix",
"details": "Update to V10.6.22 or later version",
"product_ids": [
"4"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/10/"
},
{
"category": "vendor_fix",
"details": "Update to V8.18.35 or later version",
"product_ids": [
"1"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/8/"
},
{
"category": "vendor_fix",
"details": "Update to V9.24.34 or later version",
"product_ids": [
"2"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/9/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6"
]
}
],
"title": "CVE-2025-30280"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…