WID-SEC-W-2022-1504
Vulnerability from csaf_certbund - Published: 2022-09-22 22:00 - Updated: 2024-05-13 22:00Summary
expat: Schwachstelle ermöglicht Codeausführung
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Expat ist ein XML Parser, der in der Programmiersprache-C geschrieben ist.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in expat ausnutzen, um beliebigen Programmcode auszuführen und einen Denial of Service Zustand herbeizuführen
Betroffene Betriebssysteme: - Linux
- UNIX
Es existiert eine Schwachstelle in expat aufgrund eines "Use After Free" Fehlers in der "doContent" function in [xmlparse.c]. Ein Angreifer kann dies ausnutzen, um potenziell Code auszuführen oder um einen Denial of Service Zustand herbeizuführen.
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Expat ist ein XML Parser, der in der Programmiersprache-C geschrieben ist.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in expat ausnutzen, um beliebigen Programmcode auszuf\u00fchren und einen Denial of Service Zustand herbeizuf\u00fchren",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1504 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1504.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1504 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1504"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5236 vom 2022-09-22",
"url": "https://lists.debian.org/debian-security-announce/2022/msg00205.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5638-1 vom 2022-09-26",
"url": "https://ubuntu.com/security/notices/USN-5638-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3466-1 vom 2022-09-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012447.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202209-24 vom 2022-09-29",
"url": "https://security.gentoo.org/glsa/202209-24"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3489-1 vom 2022-10-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012473.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3489-1 vom 2022-10-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012471.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3489-1 vom 2022-10-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012472.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3489-1 vom 2022-10-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012469.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3489-1 vom 2022-10-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012474.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6826711 vom 2022-10-05",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-is-vulnerable-to-remote-code-execution-cve-2022-40674/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6827119 vom 2022-10-06",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-http-server-is-vulnerable-to-arbitrary-code-execution-due-to-expat-cve-2022-40674/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6832 vom 2022-10-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6832"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6834 vom 2022-10-07",
"url": "http://linux.oracle.com/errata/ELSA-2022-6834.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6838 vom 2022-10-07",
"url": "http://linux.oracle.com/errata/ELSA-2022-6838.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6831 vom 2022-10-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6831"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6834 vom 2022-10-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6834"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6833 vom 2022-10-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6833"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6838 vom 2022-10-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6838"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6878 vom 2022-10-11",
"url": "https://access.redhat.com/errata/RHSA-2022:6878"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6878 vom 2022-10-12",
"url": "http://linux.oracle.com/errata/ELSA-2022-6878.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6921 vom 2022-10-12",
"url": "https://access.redhat.com/errata/RHSA-2022:6921"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3597-1 vom 2022-10-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012544.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6967 vom 2022-10-17",
"url": "https://access.redhat.com/errata/RHSA-2022:6967"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7023 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:7023"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7024 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:7024"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7025 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:7025"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7026 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:7026"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7021 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:7021"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7020 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:7020"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6998 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:6998"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7022 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:7022"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6995 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:6995"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6996 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:6996"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6997 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:6997"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7019 vom 2022-10-18",
"url": "https://access.redhat.com/errata/RHSA-2022:7019"
},
{
"category": "external",
"summary": "Oracle Linux Bulletin-October 2022 vom 2022-10-18",
"url": "https://www.oracle.com/security-alerts/linuxbulletinoct2022.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7058 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7058"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6905 vom 2022-10-19",
"url": "https://access.redhat.com/errata/RHSA-2022:6905"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7026 vom 2022-10-20",
"url": "https://linux.oracle.com/errata/ELSA-2022-7026.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7024 vom 2022-10-20",
"url": "https://linux.oracle.com/errata/ELSA-2022-7024.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7023 vom 2022-10-20",
"url": "https://linux.oracle.com/errata/ELSA-2022-7023.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7020 vom 2022-10-20",
"url": "http://linux.oracle.com/errata/ELSA-2022-7020.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6998 vom 2022-10-27",
"url": "https://linux.oracle.com/errata/ELSA-2022-6998.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6997 vom 2022-10-27",
"url": "https://linux.oracle.com/errata/ELSA-2022-6997.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3750-1 vom 2022-10-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012690.html"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-20 vom 2022-10-26",
"url": "https://www.tenable.com/security/tns-2022-20"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2022:6834 vom 2022-10-26",
"url": "https://lists.centos.org/pipermail/centos-announce/2022-October/073647.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9962 vom 2022-10-29",
"url": "https://linux.oracle.com/errata/ELSA-2022-9962.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20221028-0008 vom 2022-10-28",
"url": "https://security.netapp.com/advisory/ntap-20221028-0008/"
},
{
"category": "external",
"summary": "F5 Security Advisory K44454157 vom 2022-10-31",
"url": "https://support.f5.com/csp/article/K44454157"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9967 vom 2022-10-31",
"url": "https://linux.oracle.com/errata/ELSA-2022-9967.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6833562 vom 2022-11-01",
"url": "https://aix.software.ibm.com/aix/efixes/security/python_advisory2.asc"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6837645 vom 2022-11-08",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-tivoli-monitoring-included-websphere-application-server-and-ibm-http-server-used-by-websphere-application-server-3/"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2022-26 vom 2022-11-09",
"url": "https://www.tenable.com/security/tns-2022-26"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6882 vom 2022-11-09",
"url": "https://access.redhat.com/errata/RHSA-2022:6882"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1877 vom 2022-11-09",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1877.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5638-2 vom 2022-11-17",
"url": "https://ubuntu.com/security/notices/USN-5638-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8598 vom 2022-11-22",
"url": "https://access.redhat.com/errata/RHSA-2022:8598"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6842505 vom 2022-12-01",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-expat-sqlite-libxml2-libksba-zlib-and-gnutls/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8841 vom 2022-12-08",
"url": "https://access.redhat.com/errata/RHSA-2022:8841"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-259 vom 2022-12-09",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-259.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1654 vom 2022-12-10",
"url": "https://alas.aws.amazon.com/ALAS-2022-1654.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6847293 vom 2022-12-20",
"url": "https://www.ibm.com/support/pages/node/6847293"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6855663 vom 2023-01-16",
"url": "https://www.ibm.com/support/pages/node/6855663"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6856375 vom 2023-01-31",
"url": "https://www.ibm.com/support/pages/node/6856375"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6955057 vom 2023-02-13",
"url": "https://www.ibm.com/support/pages/node/6955057"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5638-4 vom 2023-02-28",
"url": "https://ubuntu.com/security/notices/USN-5638-4"
},
{
"category": "external",
"summary": "HCL Article KB0104147 vom 2023-04-20",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0104147"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2023-19 vom 2023-05-10",
"url": "https://www.tenable.com/security/tns-2023-19"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3068 vom 2023-05-16",
"url": "https://access.redhat.com/errata/RHSA-2023:3068"
},
{
"category": "external",
"summary": "Hitachi Cybersecurity Advisory vom 2023-05-24",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-01"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6999317 vom 2023-05-30",
"url": "https://www.ibm.com/support/pages/node/6999317"
},
{
"category": "external",
"summary": "ORACLE OVMSA-2023-0009 vom 2023-08-17",
"url": "https://oss.oracle.com/pipermail/oraclevm-errata/2023-August/001078.html"
},
{
"category": "external",
"summary": "Insyde Security Advisory INSYDE-SA-2024002 vom 2024-05-14",
"url": "https://www.insyde.com/security-pledge/SA-2024002"
}
],
"source_lang": "en-US",
"title": "expat: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
"tracking": {
"current_release_date": "2024-05-13T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:35:37.199+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-1504",
"initial_release_date": "2022-09-22T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-09-22T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-09-26T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-09-29T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE, Fedora und Gentoo aufgenommen"
},
{
"date": "2022-10-03T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-10-04T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-10-05T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-10-06T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2022-10-11T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-12T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-17T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2022-10-18T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-19T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2022-10-20T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-10-23T22:00:00.000+00:00",
"number": "14",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-D93B3BD8B9, FEDORA-2022-DCB1D7BCB1, FEDORA-2022-C22FEB71BA"
},
{
"date": "2022-10-26T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Oracle Linux, SUSE, Tenable und CentOS aufgenommen"
},
{
"date": "2022-10-30T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Oracle Linux und NetApp aufgenommen"
},
{
"date": "2022-10-31T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von F5 und Oracle Linux aufgenommen"
},
{
"date": "2022-11-01T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-11-07T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-11-09T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Tenable, Red Hat und Amazon aufgenommen"
},
{
"date": "2022-11-17T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-11-22T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-30T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-12-08T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-11T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-12-20T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-01-16T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-01-31T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-02-13T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-02-28T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-04-19T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2023-05-09T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Tenable aufgenommen"
},
{
"date": "2023-05-16T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-05-23T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2023-05-30T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-08-17T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von ORACLE aufgenommen"
},
{
"date": "2024-05-13T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Insyde aufgenommen"
}
],
"status": "final",
"version": "37"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "8",
"product": {
"name": "HCL Commerce 8",
"product_id": "T020130",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:8"
}
}
},
{
"category": "product_version",
"name": "7",
"product": {
"name": "HCL Commerce 7",
"product_id": "T027460",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:7"
}
}
},
{
"category": "product_version",
"name": "9.0.1.x",
"product": {
"name": "HCL Commerce 9.0.1.x",
"product_id": "T027461",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:9.0.1.x"
}
}
},
{
"category": "product_version",
"name": "9.1.x",
"product": {
"name": "HCL Commerce 9.1.x",
"product_id": "T027462",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:9.1.x"
}
}
}
],
"category": "product_name",
"name": "Commerce"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "65x",
"product": {
"name": "Hitachi Energy AFS 65x",
"product_id": "T027841",
"product_identification_helper": {
"cpe": "cpe:/h:abb:afs:65x"
}
}
},
{
"category": "product_version",
"name": "67x",
"product": {
"name": "Hitachi Energy AFS 67x",
"product_id": "T027842",
"product_identification_helper": {
"cpe": "cpe:/h:abb:afs:67x"
}
}
}
],
"category": "product_name",
"name": "AFS"
}
],
"category": "vendor",
"name": "Hitachi Energy"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "IBM AIX 7.3",
"product_id": "T021486",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.3"
}
}
}
],
"category": "product_name",
"name": "AIX"
},
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "5104",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "8.5",
"product": {
"name": "IBM HTTP Server 8.5",
"product_id": "T001650",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:http_server:8.5"
}
}
},
{
"category": "product_version",
"name": "7",
"product": {
"name": "IBM HTTP Server 7.0",
"product_id": "T003674",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:http_server:7.0"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "IBM HTTP Server 8.0",
"product_id": "T003675",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:http_server:8.0"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "IBM HTTP Server 9.0",
"product_id": "T008162",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:http_server:9.0"
}
}
}
],
"category": "product_name",
"name": "HTTP Server"
},
{
"category": "product_name",
"name": "IBM MQ",
"product": {
"name": "IBM MQ",
"product_id": "T021398",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
},
{
"category": "product_version",
"name": "7.4",
"product": {
"name": "IBM QRadar SIEM 7.4",
"product_id": "T024775",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.4"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"category": "product_name",
"name": "IBM Rational ClearCase",
"product": {
"name": "IBM Rational ClearCase",
"product_id": "T004180",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_clearcase:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "11.4",
"product": {
"name": "IBM Security Guardium 11.4",
"product_id": "1076561",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:11.4"
}
}
},
{
"category": "product_version",
"name": "11.5",
"product": {
"name": "IBM Security Guardium 11.5",
"product_id": "T026399",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:11.5"
}
}
}
],
"category": "product_name",
"name": "Security Guardium"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Tivoli Monitoring",
"product": {
"name": "IBM Tivoli Monitoring",
"product_id": "T000066",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_monitoring:6"
}
}
},
{
"category": "product_version",
"name": "6.3.0.7 sp12",
"product": {
"name": "IBM Tivoli Monitoring 6.3.0.7 sp12",
"product_id": "T024776",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_monitoring:6.3.0.7_sp12"
}
}
}
],
"category": "product_name",
"name": "Tivoli Monitoring"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.2.0.16",
"product": {
"name": "IBM Tivoli Network Manager \u003c4.2.0.16",
"product_id": "T025752"
}
}
],
"category": "product_name",
"name": "Tivoli Network Manager"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel",
"product": {
"name": "Insyde UEFI Firmware kernel",
"product_id": "T034716",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:kernel"
}
}
}
],
"category": "product_name",
"name": "UEFI Firmware"
}
],
"category": "vendor",
"name": "Insyde"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T016960",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
},
{
"category": "product_name",
"name": "NetApp Data ONTAP",
"product": {
"name": "NetApp Data ONTAP",
"product_id": "7654",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:data_ontap:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.4.9",
"product": {
"name": "Open Source expat \u003c2.4.9",
"product_id": "T024686"
}
}
],
"category": "product_name",
"name": "expat"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7",
"product": {
"name": "OpenBSD OpenBSD 7.0",
"product_id": "T021607",
"product_identification_helper": {
"cpe": "cpe:/a:openbsd:openbsd:7.0"
}
}
},
{
"category": "product_version",
"name": "7.1",
"product": {
"name": "OpenBSD OpenBSD 7.1",
"product_id": "T023225",
"product_identification_helper": {
"cpe": "cpe:/a:openbsd:openbsd:7.1"
}
}
}
],
"category": "product_name",
"name": "OpenBSD"
}
],
"category": "vendor",
"name": "OpenBSD"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "3",
"product": {
"name": "Oracle VM 3",
"product_id": "T019617",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:vm:3"
}
}
}
],
"category": "product_name",
"name": "VM"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift",
"product": {
"name": "Red Hat OpenShift",
"product_id": "T008027",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.3.1",
"product": {
"name": "Tenable Security Nessus \u003c10.3.1",
"product_id": "T025130"
}
},
{
"category": "product_version_range",
"name": "\u003c8.15.7",
"product": {
"name": "Tenable Security Nessus \u003c8.15.7",
"product_id": "T025285"
}
}
],
"category": "product_name",
"name": "Nessus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.2.1",
"product": {
"name": "Tenable Security Nessus Network Monitor \u003c6.2.1",
"product_id": "T027665"
}
}
],
"category": "product_name",
"name": "Nessus Network Monitor"
}
],
"category": "vendor",
"name": "Tenable Security"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40674",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in expat aufgrund eines \"Use After Free\" Fehlers in der \"doContent\" function in [xmlparse.c]. Ein Angreifer kann dies ausnutzen, um potenziell Code auszuf\u00fchren oder um einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T025130",
"67646",
"T021607",
"T004914",
"T025752",
"T001663",
"T019617",
"398363",
"T021398",
"T027461",
"T027462",
"T008027",
"T027460",
"T003674",
"T034716",
"T003675",
"7654",
"1076561",
"T012167",
"T016960",
"T022954",
"2951",
"T002207",
"T023225",
"T024776",
"T000126",
"5104",
"T004180",
"T024775",
"T027665",
"T027841",
"T000066",
"T001650",
"T008162",
"T027842",
"1727",
"T021486",
"T025285",
"T026399",
"T020130"
]
},
"release_date": "2022-09-22T22:00:00.000+00:00",
"title": "CVE-2022-40674"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…