wid-sec-w-2022-0425
Vulnerability from csaf_certbund
Published
2022-06-21 22:00
Modified
2024-06-04 22:00
Summary
OpenSSL: Schwachstelle ermöglicht Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Linux - NetApp Appliance



{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- NetApp Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0425 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0425.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0425 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0425"
      },
      {
        "category": "external",
        "summary": "OpenSSL Security Advisory [21 June 2022] vom 2022-06-21",
        "url": "https://www.openssl.org/news/secadv/20220621.txt"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5488-1 vom 2022-06-21",
        "url": "https://ubuntu.com/security/notices/USN-5488-1"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5169 vom 2022-06-26",
        "url": "https://lists.debian.org/debian-security-announce/2022/msg00137.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2180-1 vom 2022-06-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011354.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2179-1 vom 2022-06-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011349.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2181-1 vom 2022-06-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011352.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2182-1 vom 2022-06-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011355.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2197-1 vom 2022-06-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011370.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2251-1 vom 2022-07-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011387.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2309-1 vom 2022-07-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011433.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-5488-2 vom 2022-07-06",
        "url": "https://ubuntu.com/security/notices/USN-5488-2"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2308-1 vom 2022-07-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011417.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2306-1 vom 2022-07-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011432.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2321-1 vom 2022-07-07",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011468.html"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20220707-0008 vom 2022-07-07",
        "url": "https://security.netapp.com/advisory/ntap-20220707-0008/"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-5818 vom 2022-08-03",
        "url": "http://linux.oracle.com/errata/ELSA-2022-5818.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:5818 vom 2022-08-03",
        "url": "https://access.redhat.com/errata/RHSA-2022:5818"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2022-123 vom 2022-08-05",
        "url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-123.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2022-1626 vom 2022-08-05",
        "url": "https://alas.aws.amazon.com/ALAS-2022-1626.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9683 vom 2022-08-05",
        "url": "https://linux.oracle.com/errata/ELSA-2022-9683.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1831 vom 2022-08-08",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1831.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2022-1832 vom 2022-08-08",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1832.html"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2022-0804 vom 2022-08-17",
        "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0804.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6188 vom 2022-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2022:6188"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6184 vom 2022-08-25",
        "url": "https://access.redhat.com/errata/RHSA-2022:6184"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-6224 vom 2022-08-31",
        "url": "http://linux.oracle.com/errata/ELSA-2022-6224.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6224 vom 2022-08-30",
        "url": "https://access.redhat.com/errata/RHSA-2022:6224"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2022:2251-2 vom 2022-09-01",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012050.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6182 vom 2022-09-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6182"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6183 vom 2022-09-06",
        "url": "https://access.redhat.com/errata/RHSA-2022:6183"
      },
      {
        "category": "external",
        "summary": "Tenable Security Advisory TNS-2022-19 vom 2022-09-21",
        "url": "https://www.tenable.com/security/tns-2022-19"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6622079 vom 2022-09-22",
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-plus-sql-file-indexing-and-windows-host-agents/"
      },
      {
        "category": "external",
        "summary": "Oracle Solaris Third Party Bulletin-October 2022 vom 2022-10-18",
        "url": "https://www.oracle.com/security-alerts/bulletinoct2022.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7055 vom 2022-10-19",
        "url": "https://access.redhat.com/errata/RHSA-2022:7055"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:7058 vom 2022-10-20",
        "url": "https://access.redhat.com/errata/RHSA-2022:7058"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2022-195 vom 2022-11-04",
        "url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-195.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8781 vom 2022-12-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:8781"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8841 vom 2022-12-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:8841"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:8840 vom 2022-12-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:8840"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6855297 vom 2023-01-13",
        "url": "https://www.ibm.com/support/pages/node/6855297"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6857607 vom 2023-01-25",
        "url": "https://www.ibm.com/support/pages/node/6857607"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6855595 vom 2023-01-31",
        "url": "https://www.ibm.com/support/pages/node/6855595"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6855543 vom 2023-02-01",
        "url": "https://www.ibm.com/support/pages/node/6855543"
      },
      {
        "category": "external",
        "summary": "Tenable Security Advisory TNS-2023-10 vom 2023-03-07",
        "url": "https://www.tenable.com/security/tns-2023-10"
      },
      {
        "category": "external",
        "summary": "Dell Knowledge Base Article",
        "url": "https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "HPE Securi+y Bulletin",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbst04494en_us"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7108821 vom 2024-01-17",
        "url": "https://www.ibm.com/support/pages/node/7108821"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASOPENSSL-SNAPSAFE-2023-001 vom 2023-09-27",
        "url": "https://alas.aws.amazon.com/AL2/ALASOPENSSL-SNAPSAFE-2023-001.html"
      },
      {
        "category": "external",
        "summary": "ExtremeNetworks Vulnerability Notice SA-2023-023 vom 2023-10-03",
        "url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000109624"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5931 vom 2023-10-19",
        "url": "https://access.redhat.com/errata/RHSA-2023:5931"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5982 vom 2023-10-21",
        "url": "https://access.redhat.com/errata/RHSA-2023:5982"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6457-1 vom 2023-10-30",
        "url": "https://ubuntu.com/security/notices/USN-6457-1"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7063708 vom 2023-10-31",
        "url": "https://www.ibm.com/support/pages/node/7063708"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7067688 vom 2023-11-07",
        "url": "https://www.ibm.com/support/pages/node/7067688"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:6818 vom 2023-11-09",
        "url": "https://access.redhat.com/errata/RHSA-2023:6818"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-13026 vom 2023-12-07",
        "url": "https://linux.oracle.com/errata/ELSA-2023-13026.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-32790 vom 2023-12-07",
        "url": "https://linux.oracle.com/errata/ELSA-2023-32790.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-13024 vom 2023-12-07",
        "url": "https://linux.oracle.com/errata/ELSA-2023-13024.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-13025 vom 2023-12-07",
        "url": "https://linux.oracle.com/errata/ELSA-2023-13025.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-13027 vom 2023-12-07",
        "url": "https://linux.oracle.com/errata/ELSA-2023-13027.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-32791 vom 2023-12-07",
        "url": "https://linux.oracle.com/errata/ELSA-2023-32791.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-2502 vom 2024-03-19",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2502.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12408 vom 2024-06-05",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12408.html"
      }
    ],
    "source_lang": "en-US",
    "title": "OpenSSL: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2024-06-04T22:00:00.000+00:00",
      "generator": {
        "date": "2024-06-05T08:08:47.767+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2022-0425",
      "initial_release_date": "2022-06-21T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-06-21T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-06-26T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian und SUSE aufgenommen"
        },
        {
          "date": "2022-06-27T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-06-30T22:00:00.000+00:00",
          "number": "4",
          "summary": "Referenz(en) aufgenommen: FEDORA-2022-3B7D0ABD0B, FEDORA-2022-5B1E1A67D1"
        },
        {
          "date": "2022-07-04T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-07-06T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
        },
        {
          "date": "2022-07-07T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE und NetApp aufgenommen"
        },
        {
          "date": "2022-08-02T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2022-08-03T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-04T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-08-07T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2022-08-08T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-08-16T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        },
        {
          "date": "2022-08-25T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-08-30T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
        },
        {
          "date": "2022-09-01T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2022-09-06T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-20T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Tenable aufgenommen"
        },
        {
          "date": "2022-09-21T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2022-10-18T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2022-10-19T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-11-06T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2022-12-07T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-12-08T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-01-12T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-01-25T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-01-31T23:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-03-07T23:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Tenable aufgenommen"
        },
        {
          "date": "2023-08-13T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2023-09-27T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-10-03T22:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von ExtremeNetworks aufgenommen"
        },
        {
          "date": "2023-10-19T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-10-22T22:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-10-30T23:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2023-10-31T23:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-11-06T23:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-11-08T23:00:00.000+00:00",
          "number": "37",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-12-07T23:00:00.000+00:00",
          "number": "38",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-01-17T23:00:00.000+00:00",
          "number": "39",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-01-25T23:00:00.000+00:00",
          "number": "40",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-03-18T23:00:00.000+00:00",
          "number": "41",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-06-04T22:00:00.000+00:00",
          "number": "42",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "42"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.3.0",
                "product": {
                  "name": "Broadcom Brocade SANnav \u003c2.3.0",
                  "product_id": "T029650",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:broadcom:brocade_sannav:v2.3.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Brocade SANnav"
          },
          {
            "category": "product_name",
            "name": "Broadcom Brocade Switch",
            "product": {
              "name": "Broadcom Brocade Switch",
              "product_id": "T015844",
              "product_identification_helper": {
                "cpe": "cpe:/h:brocade:switch:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Broadcom"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c19.10",
                "product": {
                  "name": "Dell NetWorker \u003c19.10",
                  "product_id": "T032354",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:19.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE Switch",
            "product": {
              "name": "HPE Switch",
              "product_id": "T005119",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:switch:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.7",
                "product": {
                  "name": "IBM InfoSphere Information Server 11.7",
                  "product_id": "444803",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "InfoSphere Information Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.0.0.24",
                "product": {
                  "name": "IBM Rational Build Forge \u003c8.0.0.24",
                  "product_id": "T030689",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.24"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational Build Forge"
          },
          {
            "category": "product_name",
            "name": "IBM Rational ClearCase",
            "product": {
              "name": "IBM Rational ClearCase",
              "product_id": "T004180",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:rational_clearcase:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Rational ClearQuest",
            "product": {
              "name": "IBM Rational ClearQuest",
              "product_id": "5168",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:rational_clearquest:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.0.5-ISS-ISVA-FP000",
                "product": {
                  "name": "IBM Security Verify Access \u003c10.0.5-ISS-ISVA-FP000",
                  "product_id": "T025829",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_verify_access:10.0.5-iss-isva-fp000"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10.0.0.0-10.0.6.1",
                "product": {
                  "name": "IBM Security Verify Access 10.0.0.0-10.0.6.1",
                  "product_id": "T031895",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_verify_access:10.0.0.0_-_10.0.6.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Security Verify Access"
          },
          {
            "category": "product_name",
            "name": "IBM Spectrum Protect",
            "product": {
              "name": "IBM Spectrum Protect",
              "product_id": "T013661",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:spectrum_protect:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "NetApp Data ONTAP",
            "product": {
              "name": "NetApp Data ONTAP",
              "product_id": "7654",
              "product_identification_helper": {
                "cpe": "cpe:/a:netapp:data_ontap:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "NetApp FAS",
            "product": {
              "name": "NetApp FAS",
              "product_id": "T011540",
              "product_identification_helper": {
                "cpe": "cpe:/h:netapp:fas:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.0.2zf",
                "product": {
                  "name": "Open Source OpenSSL \u003c1.0.2zf",
                  "product_id": "T023577",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:1.0.2zf"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.1.1p",
                "product": {
                  "name": "Open Source OpenSSL \u003c1.1.1p",
                  "product_id": "T023578",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:1.1.1p"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.0.4",
                "product": {
                  "name": "Open Source OpenSSL \u003c3.0.4",
                  "product_id": "T023579",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:3.0.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenSSL"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Oracle Solaris",
            "product": {
              "name": "Oracle Solaris",
              "product_id": "T002965",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:solaris:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Red Hat OpenShift",
            "product": {
              "name": "Red Hat OpenShift",
              "product_id": "T008027",
              "product_identification_helper": {
                "cpe": "cpe:/a:redhat:openshift:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.1.11",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c8.1.11",
                  "product_id": "T024304",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:8.1.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.2.7.1",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c8.2.7.1",
                  "product_id": "T024305",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:8.2.7.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.1",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.0.1",
                  "product_id": "T024306",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.0.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.15.9",
                "product": {
                  "name": "Tenable Security Nessus 8.15.9",
                  "product_id": "T026648",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:tenable:nessus:8.15.9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Nessus"
          },
          {
            "category": "product_name",
            "name": "Tenable Security Nessus Network Monitor",
            "product": {
              "name": "Tenable Security Nessus Network Monitor",
              "product_id": "T016632",
              "product_identification_helper": {
                "cpe": "cpe:/a:tenable:nessus_network_monitor:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Tenable Security"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-2068",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSL im Skript \"c_rehash\", welches in einigen Linux Distributionen zum Einlesen eines Zertifikatsvorrats zwecks Erzeugen von Hash-Links genutzt wird. Das Skript gibt Dateinamen von Zertifikatsdateien nicht ausreichend bereinigt an andere Programme weiter. Dadurch werden auch \"Shell Metacharacter\" weitergegeben, was eine Shell Command-Injection erm\u00f6glicht. Ein lokaler Angreifer kann dadurch beliebigen Code mit den Berechtigungen des Skripts ausf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T029650",
          "T008027",
          "T031895",
          "67646",
          "5168",
          "7654",
          "T015844",
          "T030689",
          "T011540",
          "T005119",
          "T002965",
          "T016632",
          "T004914",
          "T013661",
          "T025829",
          "T032354",
          "2951",
          "T002207",
          "T026648",
          "T000126",
          "444803",
          "T004180",
          "398363"
        ]
      },
      "release_date": "2022-06-21T22:00:00Z",
      "title": "CVE-2022-2068"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.