Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2024-2086
Vulnerability from csaf_certbund - Published: 2024-09-09 22:00 - Updated: 2024-09-09 22:00Summary
SAP Patchday September 2024
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff: Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- Windows
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungsprüfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen. Einige dieser Sicherheitslücken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2086 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2086.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2086 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2086"
},
{
"category": "external",
"summary": "SAP Security Patch Day \u2013 September 2024 vom 2024-09-09",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2024.html"
}
],
"source_lang": "en-US",
"title": "SAP Patchday September 2024",
"tracking": {
"current_release_date": "2024-09-09T22:00:00.000+00:00",
"generator": {
"date": "2024-09-10T10:03:41.307+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.6"
}
},
"id": "WID-SEC-W-2024-2086",
"initial_release_date": "2024-09-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-09-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T031077",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-3587",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2013-3587"
},
{
"cve": "CVE-2022-0778",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2022-0778"
},
{
"cve": "CVE-2023-0215",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2023-0215"
},
{
"cve": "CVE-2023-0286",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2024-33003",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-33003"
},
{
"cve": "CVE-2024-41728",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-41728"
},
{
"cve": "CVE-2024-41729",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-41729"
},
{
"cve": "CVE-2024-41730",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-41730"
},
{
"cve": "CVE-2024-42371",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-42371"
},
{
"cve": "CVE-2024-42378",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-42378"
},
{
"cve": "CVE-2024-42380",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-42380"
},
{
"cve": "CVE-2024-44112",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44112"
},
{
"cve": "CVE-2024-44113",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44113"
},
{
"cve": "CVE-2024-44114",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44114"
},
{
"cve": "CVE-2024-44115",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44115"
},
{
"cve": "CVE-2024-44116",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44116"
},
{
"cve": "CVE-2024-44117",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44117"
},
{
"cve": "CVE-2024-44120",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44120"
},
{
"cve": "CVE-2024-44121",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44121"
},
{
"cve": "CVE-2024-45279",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45279"
},
{
"cve": "CVE-2024-45280",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45280"
},
{
"cve": "CVE-2024-45281",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45281"
},
{
"cve": "CVE-2024-45283",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45283"
},
{
"cve": "CVE-2024-45284",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45284"
},
{
"cve": "CVE-2024-45285",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45285"
},
{
"cve": "CVE-2024-45286",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45286"
}
]
}
CVE-2024-41730 (GCVE-0-2024-41730)
Vulnerability from cvelistv5 – Published: 2024-08-13 03:31 – Updated: 2024-08-16 04:01
VLAI?
EPSS
Title
Missing Authentication check in SAP BusinessObjects Business Intelligence Platform
Summary
In SAP BusinessObjects Business Intelligence
Platform, if Single Signed On is enabled on Enterprise authentication, an
unauthorized user can get a logon token using a REST endpoint. The attacker can
fully compromise the system resulting in High impact on confidentiality,
integrity and availability.
Severity ?
9.8 (Critical)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP BusinessObjects Business Intelligence Platform |
Affected:
ENTERPRISE 430
Affected: 440 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sap_se:sap_business_objects_business_intgelligence_platform:440:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_business_objects_business_intgelligence_platform",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "440"
}
]
},
{
"cpes": [
"cpe:2.3:a:sap_se:sap_business_objects_business_intgelligence_platform:430:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sap_business_objects_business_intgelligence_platform",
"vendor": "sap_se",
"versions": [
{
"status": "affected",
"version": "430"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T04:01:44.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP BusinessObjects Business Intelligence Platform",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "ENTERPRISE 430"
},
{
"status": "affected",
"version": "440"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In SAP BusinessObjects Business Intelligence\nPlatform, if Single Signed On is enabled on Enterprise authentication, an\nunauthorized user can get a logon token using a REST endpoint. The attacker can\nfully compromise the system resulting in High impact on confidentiality,\nintegrity and availability."
}
],
"value": "In SAP BusinessObjects Business Intelligence\nPlatform, if Single Signed On is enabled on Enterprise authentication, an\nunauthorized user can get a logon token using a REST endpoint. The attacker can\nfully compromise the system resulting in High impact on confidentiality,\nintegrity and availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T03:31:37.327Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3479478"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authentication check in SAP BusinessObjects Business Intelligence Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-41730",
"datePublished": "2024-08-13T03:31:37.327Z",
"dateReserved": "2024-07-22T08:06:52.675Z",
"dateUpdated": "2024-08-16T04:01:44.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45283 (GCVE-0-2024-45283)
Vulnerability from cvelistv5 – Published: 2024-09-10 04:52 – Updated: 2024-09-10 13:46
VLAI?
EPSS
Title
Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service)
Summary
SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data.
Severity ?
6 (Medium)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver AS for Java (Destination Service) |
Affected:
7.50
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:46:01.984548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:46:19.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver AS for Java (Destination Service)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "7.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data.\u003c/p\u003e"
}
],
"value": "SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256: Plaintext Storage of a Password",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:52:30.209Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3477359"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-45283",
"datePublished": "2024-09-10T04:52:30.209Z",
"dateReserved": "2024-08-26T10:39:20.933Z",
"dateUpdated": "2024-09-10T13:46:19.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45284 (GCVE-0-2024-45284)
Vulnerability from cvelistv5 – Published: 2024-09-10 04:57 – Updated: 2024-09-10 13:45
VLAI?
EPSS
Title
Missing authorization check in SAP Student Life Cycle Management (SLcM)
Summary
An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP Student Life Cycle Management (SLcM) |
Affected:
617
Affected: 618 Affected: 800 Affected: 802 Affected: 803 Affected: 804 Affected: 805 Affected: 806 Affected: 807 Affected: 808 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:45:00.805351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:45:15.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Student Life Cycle Management (SLcM)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "617"
},
{
"status": "affected",
"version": "618"
},
{
"status": "affected",
"version": "800"
},
{
"status": "affected",
"version": "802"
},
{
"status": "affected",
"version": "803"
},
{
"status": "affected",
"version": "804"
},
{
"status": "affected",
"version": "805"
},
{
"status": "affected",
"version": "806"
},
{
"status": "affected",
"version": "807"
},
{
"status": "affected",
"version": "808"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application.\u003c/p\u003e"
}
],
"value": "An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:57:24.442Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/2256627"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing authorization check in SAP Student Life Cycle Management (SLcM)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-45284",
"datePublished": "2024-09-10T04:57:24.442Z",
"dateReserved": "2024-08-26T10:39:20.933Z",
"dateUpdated": "2024-09-10T13:45:15.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41729 (GCVE-0-2024-41729)
Vulnerability from cvelistv5 – Published: 2024-09-10 02:33 – Updated: 2024-09-10 14:05
VLAI?
EPSS
Title
Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer)
Summary
Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.
Severity ?
4.3 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver BW (BEx Analyzer) |
Affected:
DW4CORE 200
Affected: DW4CORE 300 Affected: DW4CORE 400 Affected: SAP_BW 700 Affected: SAP_BW 701 Affected: SAP_BW 702 Affected: SAP_BW 731 Affected: SAP_BW 740 Affected: SAP_BW 750 Affected: SAP_BW 751 Affected: SAP_BW 752 Affected: SAP_BW 753 Affected: SAP_BW 754 Affected: SAP_BW 755 Affected: SAP_BW 756 Affected: SAP_BW 757 Affected: SAP_BW 758 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T14:05:27.673500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:05:36.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver BW (BEx Analyzer)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "DW4CORE 200"
},
{
"status": "affected",
"version": "DW4CORE 300"
},
{
"status": "affected",
"version": "DW4CORE 400"
},
{
"status": "affected",
"version": "SAP_BW 700"
},
{
"status": "affected",
"version": "SAP_BW 701"
},
{
"status": "affected",
"version": "SAP_BW 702"
},
{
"status": "affected",
"version": "SAP_BW 731"
},
{
"status": "affected",
"version": "SAP_BW 740"
},
{
"status": "affected",
"version": "SAP_BW 750"
},
{
"status": "affected",
"version": "SAP_BW 751"
},
{
"status": "affected",
"version": "SAP_BW 752"
},
{
"status": "affected",
"version": "SAP_BW 753"
},
{
"status": "affected",
"version": "SAP_BW 754"
},
{
"status": "affected",
"version": "SAP_BW 755"
},
{
"status": "affected",
"version": "SAP_BW 756"
},
{
"status": "affected",
"version": "SAP_BW 757"
},
{
"status": "affected",
"version": "SAP_BW 758"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.\u003c/p\u003e"
}
],
"value": "Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "eng",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T02:33:32.937Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3481588"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-41729",
"datePublished": "2024-09-10T02:33:32.937Z",
"dateReserved": "2024-07-22T08:06:52.675Z",
"dateUpdated": "2024-09-10T14:05:36.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42371 (GCVE-0-2024-42371)
Vulnerability from cvelistv5 – Published: 2024-09-10 02:37 – Updated: 2024-09-10 14:05
VLAI?
EPSS
Title
Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
Summary
The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and availability of the application.
Severity ?
5.4 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform |
Affected:
700
Affected: 701 Affected: 702 Affected: 731 Affected: 740 Affected: 750 Affected: 751 Affected: 752 Affected: 753 Affected: 754 Affected: 755 Affected: 756 Affected: 757 Affected: 758 Affected: 912 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:44:33.425014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:05:07.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Application Server for ABAP and ABAP Platform",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "700"
},
{
"status": "affected",
"version": "701"
},
{
"status": "affected",
"version": "702"
},
{
"status": "affected",
"version": "731"
},
{
"status": "affected",
"version": "740"
},
{
"status": "affected",
"version": "750"
},
{
"status": "affected",
"version": "751"
},
{
"status": "affected",
"version": "752"
},
{
"status": "affected",
"version": "753"
},
{
"status": "affected",
"version": "754"
},
{
"status": "affected",
"version": "755"
},
{
"status": "affected",
"version": "756"
},
{
"status": "affected",
"version": "757"
},
{
"status": "affected",
"version": "758"
},
{
"status": "affected",
"version": "912"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user\u0027s workplaces and nodes. There is low impact on integrity and availability of the application.\u003c/p\u003e"
}
],
"value": "The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user\u0027s workplaces and nodes. There is low impact on integrity and availability of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T02:37:47.259Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3488039"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-42371",
"datePublished": "2024-09-10T02:37:47.259Z",
"dateReserved": "2024-07-31T04:09:36.222Z",
"dateUpdated": "2024-09-10T14:05:07.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45286 (GCVE-0-2024-45286)
Vulnerability from cvelistv5 – Published: 2024-09-10 03:56 – Updated: 2024-09-10 13:26
VLAI?
EPSS
Title
Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)
Summary
Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP Production and Revenue Accounting (Tobin interface) |
Affected:
S4CEXT 106
Affected: S4CEXT 107 Affected: S4CEXT 108 Affected: IS-PRA 605 Affected: IS-PRA 606 Affected: IS-PRA 616 Affected: IS-PRA 617 Affected: IS-PRA 618 Affected: IS-PRA 800 Affected: IS-PRA 801 Affected: IS-PRA 802 Affected: IS-PRA 803 Affected: IS-PRA 804 Affected: IS-PRA 805 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:26:08.017203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:26:21.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Production and Revenue Accounting (Tobin interface)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CEXT 106"
},
{
"status": "affected",
"version": "S4CEXT 107"
},
{
"status": "affected",
"version": "S4CEXT 108"
},
{
"status": "affected",
"version": "IS-PRA 605"
},
{
"status": "affected",
"version": "IS-PRA 606"
},
{
"status": "affected",
"version": "IS-PRA 616"
},
{
"status": "affected",
"version": "IS-PRA 617"
},
{
"status": "affected",
"version": "IS-PRA 618"
},
{
"status": "affected",
"version": "IS-PRA 800"
},
{
"status": "affected",
"version": "IS-PRA 801"
},
{
"status": "affected",
"version": "IS-PRA 802"
},
{
"status": "affected",
"version": "IS-PRA 803"
},
{
"status": "affected",
"version": "IS-PRA 804"
},
{
"status": "affected",
"version": "IS-PRA 805"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.\u003c/p\u003e"
}
],
"value": "Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T03:56:36.139Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3488341"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-45286",
"datePublished": "2024-09-10T03:56:36.139Z",
"dateReserved": "2024-08-26T10:39:20.933Z",
"dateUpdated": "2024-09-10T13:26:21.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3587 (GCVE-0-2013-3587)
Vulnerability from cvelistv5 – Published: 2020-02-21 17:11 – Updated: 2024-08-06 16:14
VLAI?
EPSS
Summary
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HTTPS protocol |
Affected:
all
|
Date Public ?
2012-09-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://breachattack.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/254895"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K14634"
},
{
"name": "[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HTTPS protocol",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"datePublic": "2012-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-10T00:06:26.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://breachattack.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/254895"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K14634"
},
{
"name": "[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HTTPS protocol",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://breachattack.com/",
"refsource": "MISC",
"url": "http://breachattack.com/"
},
{
"name": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407",
"refsource": "MISC",
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"name": "http://slashdot.org/story/13/08/05/233216",
"refsource": "MISC",
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"name": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf",
"refsource": "MISC",
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"name": "https://www.blackhat.com/us-13/briefings.html#Prado",
"refsource": "MISC",
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"name": "http://github.com/meldium/breach-mitigation-rails",
"refsource": "MISC",
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"name": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/",
"refsource": "MISC",
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
},
{
"name": "http://www.kb.cert.org/vuls/id/987798",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"name": "https://hackerone.com/reports/254895",
"refsource": "MISC",
"url": "https://hackerone.com/reports/254895"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=995168",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"name": "https://support.f5.com/csp/article/K14634",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K14634"
},
{
"name": "[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3Cdev.httpd.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3587",
"datePublished": "2020-02-21T17:11:47.000Z",
"dateReserved": "2013-05-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:14:56.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45279 (GCVE-0-2024-45279)
Vulnerability from cvelistv5 – Published: 2024-09-10 04:29 – Updated: 2024-09-10 13:20
VLAI?
EPSS
Title
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)
Summary
Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel) |
Affected:
700
Affected: 701 Affected: 702 Affected: 731 Affected: 740 Affected: 750 Affected: 751 Affected: 752 Affected: 75C Affected: 75D Affected: 75E Affected: 75F Affected: 75G Affected: 75H Affected: 75I |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:20:24.409522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:20:33.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "700"
},
{
"status": "affected",
"version": "701"
},
{
"status": "affected",
"version": "702"
},
{
"status": "affected",
"version": "731"
},
{
"status": "affected",
"version": "740"
},
{
"status": "affected",
"version": "750"
},
{
"status": "affected",
"version": "751"
},
{
"status": "affected",
"version": "752"
},
{
"status": "affected",
"version": "75C"
},
{
"status": "affected",
"version": "75D"
},
{
"status": "affected",
"version": "75E"
},
{
"status": "affected",
"version": "75F"
},
{
"status": "affected",
"version": "75G"
},
{
"status": "affected",
"version": "75H"
},
{
"status": "affected",
"version": "75I"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim\u0027s browser giving the attacker the ability to access and/or modify information with no effect on availability of the application.\u003c/p\u003e"
}
],
"value": "Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a malicious JavaScript. When a victim clicks on this link, the script will be executed in the victim\u0027s browser giving the attacker the ability to access and/or modify information with no effect on availability of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:29:45.830Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3501359"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-45279",
"datePublished": "2024-09-10T04:29:45.830Z",
"dateReserved": "2024-08-26T10:39:20.932Z",
"dateUpdated": "2024-09-10T13:20:33.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-44113 (GCVE-0-2024-44113)
Vulnerability from cvelistv5 – Published: 2024-09-10 03:04 – Updated: 2024-09-10 13:27
VLAI?
EPSS
Title
Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer)
Summary
Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.
Severity ?
4.3 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP Business Warehouse (BEx Analyzer) |
Affected:
DW4CORE 200
Affected: DW4CORE 300 Affected: DW4CORE 400 Affected: SAP_BW 700 Affected: SAP_BW 701 Affected: SAP_BW 702 Affected: SAP_BW 731 Affected: SAP_BW 740 Affected: SAP_BW 750 Affected: SAP_BW 751 Affected: SAP_BW 752 Affected: SAP_BW 753 Affected: SAP_BW 754 Affected: SAP_BW 755 Affected: SAP_BW 756 Affected: SAP_BW 757 Affected: SAP_BW 758 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:27:38.796447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:27:59.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Business Warehouse (BEx Analyzer)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "DW4CORE 200"
},
{
"status": "affected",
"version": "DW4CORE 300"
},
{
"status": "affected",
"version": "DW4CORE 400"
},
{
"status": "affected",
"version": "SAP_BW 700"
},
{
"status": "affected",
"version": "SAP_BW 701"
},
{
"status": "affected",
"version": "SAP_BW 702"
},
{
"status": "affected",
"version": "SAP_BW 731"
},
{
"status": "affected",
"version": "SAP_BW 740"
},
{
"status": "affected",
"version": "SAP_BW 750"
},
{
"status": "affected",
"version": "SAP_BW 751"
},
{
"status": "affected",
"version": "SAP_BW 752"
},
{
"status": "affected",
"version": "SAP_BW 753"
},
{
"status": "affected",
"version": "SAP_BW 754"
},
{
"status": "affected",
"version": "SAP_BW 755"
},
{
"status": "affected",
"version": "SAP_BW 756"
},
{
"status": "affected",
"version": "SAP_BW 757"
},
{
"status": "affected",
"version": "SAP_BW 758"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.\u003c/p\u003e"
}
],
"value": "Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "eng",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T05:05:38.527Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3481992"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-44113",
"datePublished": "2024-09-10T03:04:28.683Z",
"dateReserved": "2024-08-20T20:22:59.936Z",
"dateUpdated": "2024-09-10T13:27:59.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-44120 (GCVE-0-2024-44120)
Vulnerability from cvelistv5 – Published: 2024-09-10 04:26 – Updated: 2024-09-10 13:21
VLAI?
EPSS
Title
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
Summary
SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this crafted URL before it times out, then the attacker could read and manipulate user content in the browser.
Severity ?
4.7 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver Enterprise Portal |
Affected:
7.50
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:21:09.615332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:21:19.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Enterprise Portal",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "7.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this crafted URL before it times out, then the attacker could read and manipulate user content in the browser.\u003c/p\u003e"
}
],
"value": "SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this crafted URL before it times out, then the attacker could read and manipulate user content in the browser."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:26:46.558Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3498221"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-44120",
"datePublished": "2024-09-10T04:26:46.558Z",
"dateReserved": "2024-08-20T20:22:59.937Z",
"dateUpdated": "2024-09-10T13:21:19.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45280 (GCVE-0-2024-45280)
Vulnerability from cvelistv5 – Published: 2024-09-10 04:31 – Updated: 2024-09-16 16:16
VLAI?
EPSS
Title
Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java (Logon Application)
Summary
Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on availability.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver AS Java (Logon Application) |
Affected:
7.50
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:19:53.353628Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T16:16:44.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver AS Java (Logon Application)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "7.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on availability.\u003c/p\u003e"
}
],
"value": "Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integrity of the application. There is no impact on availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:31:10.299Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3505503"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java (Logon Application)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-45280",
"datePublished": "2024-09-10T04:31:10.299Z",
"dateReserved": "2024-08-26T10:39:20.932Z",
"dateUpdated": "2024-09-16T16:16:44.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42378 (GCVE-0-2024-42378)
Vulnerability from cvelistv5 – Published: 2024-09-10 02:41 – Updated: 2024-09-10 13:38
VLAI?
EPSS
Title
Cross-Site Scripting (XSS) in eProcurement on S/4HANA
Summary
Due to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP S/4HANA eProcurement |
Affected:
SAP_APPL 606
Affected: SAP_APPL 617 Affected: SAP_APPL 618 Affected: S4CORE 102 Affected: S4CORE 103 Affected: S4CORE 104 Affected: S4CORE 105 Affected: S4CORE 106 Affected: S4CORE 107 Affected: S4CORE 108 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:37:49.703694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:38:11.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP S/4HANA eProcurement",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_APPL 606"
},
{
"status": "affected",
"version": "SAP_APPL 617"
},
{
"status": "affected",
"version": "SAP_APPL 618"
},
{
"status": "affected",
"version": "S4CORE 102"
},
{
"status": "affected",
"version": "S4CORE 103"
},
{
"status": "affected",
"version": "S4CORE 104"
},
{
"status": "affected",
"version": "S4CORE 105"
},
{
"status": "affected",
"version": "S4CORE 106"
},
{
"status": "affected",
"version": "S4CORE 107"
},
{
"status": "affected",
"version": "S4CORE 108"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.\u003c/p\u003e"
}
],
"value": "Due to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T02:41:47.517Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3497347"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) in eProcurement on S/4HANA",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-42378",
"datePublished": "2024-09-10T02:41:47.517Z",
"dateReserved": "2024-07-31T04:09:36.223Z",
"dateUpdated": "2024-09-10T13:38:11.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-44121 (GCVE-0-2024-44121)
Vulnerability from cvelistv5 – Published: 2024-09-10 04:28 – Updated: 2024-09-10 13:20
VLAI?
EPSS
Title
Information Disclosure in SAP S/4 HANA (Statutory Reports)
Summary
Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not impact the integrity and availability of the application
Severity ?
4.3 (Medium)
CWE
- CWE-213 - Exposure of Sensitive Information Due to Incompatible Policies
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP S/4 HANA (Statutory Reports) |
Affected:
900
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:20:49.592719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:20:58.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP S/4 HANA (Statutory Reports)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "900"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnder certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not impact the integrity and availability of the application\u003c/p\u003e"
}
],
"value": "Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not impact the integrity and availability of the application"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-213",
"description": "CWE-213: Exposure of Sensitive Information Due to Incompatible Policies",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:28:07.353Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3437585"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure in SAP S/4 HANA (Statutory Reports)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-44121",
"datePublished": "2024-09-10T04:28:07.353Z",
"dateReserved": "2024-08-20T20:22:59.937Z",
"dateUpdated": "2024-09-10T13:20:58.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0215 (GCVE-0-2023-0215)
Vulnerability from cvelistv5 – Published: 2023-02-08 19:03 – Updated: 2025-11-04 19:14
VLAI?
EPSS
Title
Use-after-free following BIO_new_NDEF
Summary
The public API function BIO_new_NDEF is a helper function used for streaming
ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the
SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by
end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter
BIO onto the front of it to form a BIO chain, and then returns the new head of
the BIO chain to the caller. Under certain conditions, for example if a CMS
recipient public key is invalid, the new filter BIO is freed and the function
returns a NULL result indicating a failure. However, in this case, the BIO chain
is not properly cleaned up and the BIO passed by the caller still retains
internal pointers to the previously freed filter BIO. If the caller then goes on
to call BIO_pop() on the BIO then a use-after-free will occur. This will most
likely result in a crash.
This scenario occurs directly in the internal function B64_write_ASN1() which
may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on
the BIO. This internal function is in turn called by the public API functions
PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,
SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.
Other public API functions that may be impacted by this include
i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and
i2d_PKCS7_bio_stream.
The OpenSSL cms and smime command line applications are similarly affected.
Severity ?
No CVSS data available.
CWE
- use-after-free
Assigner
References
Impacted products
Date Public ?
2023-02-07 00:00
Credits
Octavio Galland (Max Planck Institute for Security and Privacy)
Marcel Böhme (Max Planck Institute for Security and Privacy)
Viktor Dukhovni
Matt Caswell
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:32.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd"
},
{
"name": "1.1.1t git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344"
},
{
"name": "1.0.2zg patch (premium)",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0009/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-08"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:26:40.603939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:32:52.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1t",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zg",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Octavio Galland (Max Planck Institute for Security and Privacy)"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Marcel B\u00f6hme (Max Planck Institute for Security and Privacy)"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Viktor Dukhovni"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Matt Caswell"
}
],
"datePublic": "2023-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The public API function BIO_new_NDEF is a helper function used for streaming\u003cbr\u003eASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\u003cbr\u003eSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\u003cbr\u003eend user applications.\u003cbr\u003e\u003cbr\u003eThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\u003cbr\u003eBIO onto the front of it to form a BIO chain, and then returns the new head of\u003cbr\u003ethe BIO chain to the caller. Under certain conditions, for example if a CMS\u003cbr\u003erecipient public key is invalid, the new filter BIO is freed and the function\u003cbr\u003ereturns a NULL result indicating a failure. However, in this case, the BIO chain\u003cbr\u003eis not properly cleaned up and the BIO passed by the caller still retains\u003cbr\u003einternal pointers to the previously freed filter BIO. If the caller then goes on\u003cbr\u003eto call BIO_pop() on the BIO then a use-after-free will occur. This will most\u003cbr\u003elikely result in a crash.\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis scenario occurs directly in the internal function B64_write_ASN1() which\u003cbr\u003emay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\u003cbr\u003ethe BIO. This internal function is in turn called by the public API functions\u003cbr\u003ePEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\u003cbr\u003eSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\u003cbr\u003e\u003cbr\u003eOther public API functions that may be impacted by this include\u003cbr\u003ei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\u003cbr\u003ei2d_PKCS7_bio_stream.\u003cbr\u003e\u003cbr\u003eThe OpenSSL cms and smime command line applications are similarly affected.\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Moderate"
},
"type": "https://www.openssl.org/policies/secpolicy.html"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "use-after-free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:45.229Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd"
},
{
"name": "1.1.1t git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344"
},
{
"name": "1.0.2zg patch (premium)",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0009/"
},
{
"url": "https://security.gentoo.org/glsa/202402-08"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use-after-free following BIO_new_NDEF",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2023-0215",
"datePublished": "2023-02-08T19:03:28.691Z",
"dateReserved": "2023-01-11T11:59:16.647Z",
"dateUpdated": "2025-11-04T19:14:32.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0286 (GCVE-0-2023-0286)
Vulnerability from cvelistv5 – Published: 2023-02-08 19:01 – Updated: 2025-11-04 19:14
VLAI?
EPSS
Title
X.400 address type confusion in X.509 GeneralName
Summary
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
the public structure definition for GENERAL_NAME incorrectly specified the type
of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
ASN1_STRING.
When CRL checking is enabled (i.e. the application sets the
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass
arbitrary pointers to a memcmp call, enabling them to read memory contents or
enact a denial of service. In most cases, the attack requires the attacker to
provide both the certificate chain and CRL, neither of which need to have a
valid signature. If the attacker only controls one of these inputs, the other
input must already contain an X.400 address as a CRL distribution point, which
is uncommon. As such, this vulnerability is most likely to only affect
applications which have implemented their own functionality for retrieving CRLs
over a network.
Severity ?
No CVSS data available.
CWE
- type confusion vulnerability
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
Date Public ?
2023-02-07 00:00
Credits
David Benjamin (Google)
Hugo Landau
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:36.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658"
},
{
"name": "1.1.1t git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9"
},
{
"name": "1.0.2zg patch (premium)",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-08"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:57:22.031399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:32:52.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1t",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zg",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "David Benjamin (Google)"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hugo Landau"
}
],
"datePublic": "2023-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a type confusion vulnerability relating to X.400 address processing\u003cbr\u003einside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\u003cbr\u003ethe public structure definition for GENERAL_NAME incorrectly specified the type\u003cbr\u003eof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\u003cbr\u003ethe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\u003cbr\u003eASN1_STRING.\u003cbr\u003e\u003cbr\u003eWhen CRL checking is enabled (i.e. the application sets the\u003cbr\u003eX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\u003cbr\u003earbitrary pointers to a memcmp call, enabling them to read memory contents or\u003cbr\u003eenact a denial of service. In most cases, the attack requires the attacker to\u003cbr\u003eprovide both the certificate chain and CRL, neither of which need to have a\u003cbr\u003evalid signature. If the attacker only controls one of these inputs, the other\u003cbr\u003einput must already contain an X.400 address as a CRL distribution point, which\u003cbr\u003eis uncommon. As such, this vulnerability is most likely to only affect\u003cbr\u003eapplications which have implemented their own functionality for retrieving CRLs\u003cbr\u003eover a network.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "High"
},
"type": "https://www.openssl.org/policies/secpolicy.html"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "type confusion vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T09:06:58.565Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658"
},
{
"name": "1.1.1t git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9"
},
{
"name": "1.0.2zg patch (premium)",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt"
},
{
"url": "https://security.gentoo.org/glsa/202402-08"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "X.400 address type confusion in X.509 GeneralName",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2023-0286",
"datePublished": "2023-02-08T19:01:50.514Z",
"dateReserved": "2023-01-13T10:40:41.259Z",
"dateUpdated": "2025-11-04T19:14:36.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45285 (GCVE-0-2024-45285)
Vulnerability from cvelistv5 – Published: 2024-09-10 04:59 – Updated: 2024-09-10 13:41
VLAI?
EPSS
Title
Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
Summary
The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application.
Severity ?
5.4 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform |
Affected:
700
Affected: 701 Affected: 702 Affected: 731 Affected: 740 Affected: 750 Affected: 751 Affected: 752 Affected: 753 Affected: 754 Affected: 755 Affected: 756 Affected: 757 Affected: 758 Affected: 912 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:40:57.518102Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:41:26.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Application Server for ABAP and ABAP Platform",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "700"
},
{
"status": "affected",
"version": "701"
},
{
"status": "affected",
"version": "702"
},
{
"status": "affected",
"version": "731"
},
{
"status": "affected",
"version": "740"
},
{
"status": "affected",
"version": "750"
},
{
"status": "affected",
"version": "751"
},
{
"status": "affected",
"version": "752"
},
{
"status": "affected",
"version": "753"
},
{
"status": "affected",
"version": "754"
},
{
"status": "affected",
"version": "755"
},
{
"status": "affected",
"version": "756"
},
{
"status": "affected",
"version": "757"
},
{
"status": "affected",
"version": "758"
},
{
"status": "affected",
"version": "912"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application.\u003c/p\u003e"
}
],
"value": "The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:59:01.937Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3488039"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-45285",
"datePublished": "2024-09-10T04:59:01.937Z",
"dateReserved": "2024-08-26T10:39:20.933Z",
"dateUpdated": "2024-09-10T13:41:26.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42380 (GCVE-0-2024-42380)
Vulnerability from cvelistv5 – Published: 2024-09-10 02:47 – Updated: 2024-09-10 13:37
VLAI?
EPSS
Title
Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
Summary
The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting vulnerability. There is low impact on confidentiality of the application.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform |
Affected:
700
Affected: 701 Affected: 702 Affected: 731 Affected: 740 Affected: 750 Affected: 751 Affected: 752 Affected: 753 Affected: 754 Affected: 755 Affected: 756 Affected: 757 Affected: 758 Affected: 912 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:37:47.263542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:37:57.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Application Server for ABAP and ABAP Platform",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "700"
},
{
"status": "affected",
"version": "701"
},
{
"status": "affected",
"version": "702"
},
{
"status": "affected",
"version": "731"
},
{
"status": "affected",
"version": "740"
},
{
"status": "affected",
"version": "750"
},
{
"status": "affected",
"version": "751"
},
{
"status": "affected",
"version": "752"
},
{
"status": "affected",
"version": "753"
},
{
"status": "affected",
"version": "754"
},
{
"status": "affected",
"version": "755"
},
{
"status": "affected",
"version": "756"
},
{
"status": "affected",
"version": "757"
},
{
"status": "affected",
"version": "758"
},
{
"status": "affected",
"version": "912"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe RFC enabled function module allows a low privileged user to read any user\u0027s workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting vulnerability. There is low impact on confidentiality of the application.\u003c/p\u003e"
}
],
"value": "The RFC enabled function module allows a low privileged user to read any user\u0027s workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting vulnerability. There is low impact on confidentiality of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T02:47:52.783Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3488039"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-42380",
"datePublished": "2024-09-10T02:47:52.783Z",
"dateReserved": "2024-07-31T04:09:36.223Z",
"dateUpdated": "2024-09-10T13:37:57.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-44114 (GCVE-0-2024-44114)
Vulnerability from cvelistv5 – Published: 2024-09-10 03:06 – Updated: 2024-09-10 13:27
VLAI?
EPSS
Title
Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
Summary
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.
Severity ?
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform |
Affected:
702
Affected: 731 Affected: 740 Affected: 750 Affected: 751 Affected: 752 Affected: 753 Affected: 754 Affected: 755 Affected: 756 Affected: 757 Affected: 758 Affected: 912 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44114",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:27:35.804954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:27:50.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Application Server for ABAP and ABAP Platform",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "702"
},
{
"status": "affected",
"version": "731"
},
{
"status": "affected",
"version": "740"
},
{
"status": "affected",
"version": "750"
},
{
"status": "affected",
"version": "751"
},
{
"status": "affected",
"version": "752"
},
{
"status": "affected",
"version": "753"
},
{
"status": "affected",
"version": "754"
},
{
"status": "affected",
"version": "755"
},
{
"status": "affected",
"version": "756"
},
{
"status": "affected",
"version": "757"
},
{
"status": "affected",
"version": "758"
},
{
"status": "affected",
"version": "912"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.\u003c/p\u003e"
}
],
"value": "SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T03:06:18.174Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3507252"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-44114",
"datePublished": "2024-09-10T03:06:18.174Z",
"dateReserved": "2024-08-20T20:22:59.936Z",
"dateUpdated": "2024-09-10T13:27:50.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-44112 (GCVE-0-2024-44112)
Vulnerability from cvelistv5 – Published: 2024-09-10 04:03 – Updated: 2024-09-10 13:24
VLAI?
EPSS
Title
Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)
Summary
Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP for Oil & Gas |
Affected:
600
Affected: 602 Affected: 603 Affected: 604 Affected: 605 Affected: 606 Affected: 617 Affected: 618 Affected: 800 Affected: 802 Affected: 803 Affected: 804 Affected: 805 Affected: 806 Affected: 807 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:24:15.096498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:24:25.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP for Oil \u0026 Gas",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "600"
},
{
"status": "affected",
"version": "602"
},
{
"status": "affected",
"version": "603"
},
{
"status": "affected",
"version": "604"
},
{
"status": "affected",
"version": "605"
},
{
"status": "affected",
"version": "606"
},
{
"status": "affected",
"version": "617"
},
{
"status": "affected",
"version": "618"
},
{
"status": "affected",
"version": "800"
},
{
"status": "affected",
"version": "802"
},
{
"status": "affected",
"version": "803"
},
{
"status": "affected",
"version": "804"
},
{
"status": "affected",
"version": "805"
},
{
"status": "affected",
"version": "806"
},
{
"status": "affected",
"version": "807"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to missing authorization check in SAP for Oil \u0026amp; Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability.\u003c/p\u003e"
}
],
"value": "Due to missing authorization check in SAP for Oil \u0026 Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:03:08.115Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3505293"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP for Oil \u0026 Gas (Transportation and Distribution)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-44112",
"datePublished": "2024-09-10T04:03:08.115Z",
"dateReserved": "2024-08-20T20:22:59.936Z",
"dateUpdated": "2024-09-10T13:24:25.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-44117 (GCVE-0-2024-44117)
Vulnerability from cvelistv5 – Published: 2024-09-10 04:25 – Updated: 2024-09-10 13:21
VLAI?
EPSS
Title
Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
Summary
The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application.
Severity ?
5.4 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform |
Affected:
700
Affected: 701 Affected: 702 Affected: 731 Affected: 740 Affected: 750 Affected: 751 Affected: 752 Affected: 753 Affected: 754 Affected: 755 Affected: 756 Affected: 757 Affected: 758 Affected: 912 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:21:33.859984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:21:46.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Application Server for ABAP and ABAP Platform",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "700"
},
{
"status": "affected",
"version": "701"
},
{
"status": "affected",
"version": "702"
},
{
"status": "affected",
"version": "731"
},
{
"status": "affected",
"version": "740"
},
{
"status": "affected",
"version": "750"
},
{
"status": "affected",
"version": "751"
},
{
"status": "affected",
"version": "752"
},
{
"status": "affected",
"version": "753"
},
{
"status": "affected",
"version": "754"
},
{
"status": "affected",
"version": "755"
},
{
"status": "affected",
"version": "756"
},
{
"status": "affected",
"version": "757"
},
{
"status": "affected",
"version": "758"
},
{
"status": "affected",
"version": "912"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user\u0027s favourite nodes and workbook ID. There is low impact on integrity and availability of the application.\u003c/p\u003e"
}
],
"value": "The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user\u0027s favourite nodes and workbook ID. There is low impact on integrity and availability of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:25:27.127Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3488039"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-44117",
"datePublished": "2024-09-10T04:25:27.127Z",
"dateReserved": "2024-08-20T20:22:59.937Z",
"dateUpdated": "2024-09-10T13:21:46.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0778 (GCVE-0-2022-0778)
Vulnerability from cvelistv5 – Published: 2022-03-15 17:05 – Updated: 2026-04-14 08:58
VLAI?
EPSS
Title
Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Summary
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
Severity ?
No CVSS data available.
CWE
- Infinite loop
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
Date Public ?
2022-03-15 00:00
Credits
Tavis Ormandy (Google)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20220315.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83"
},
{
"name": "DSA-5103",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5103"
},
{
"name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
},
{
"name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html"
},
{
"name": "FEDORA-2022-a5f51502f0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/"
},
{
"name": "FEDORA-2022-9e88b5d8d7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/"
},
{
"name": "FEDORA-2022-8bb51f6901",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220321-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-06"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-07"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-08"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf"
},
{
"name": "GLSA-202210-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "BFCClient",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Industrial Edge - OPC UA Connector",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "Industrial Edge - SIMATIC S7 Connector App",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.7"
}
]
},
{
"defaultStatus": "unknown",
"product": "OpenPCS 7 V8.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "OpenPCS 7 V9.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "OpenPCS 7 V9.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM CROSSBOW Station Access Controller (SAC)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions only when running on ROX II \u003c V2.15.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) EU",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) NAM",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.15.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE LPE9403",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M804PB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M826-2 SHDSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3 (ROK)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (NAM)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (RoW)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 EEC LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC622-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC632-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC636-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC642-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE SC646-2C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.3.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1750D (JP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.7.1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1750D (ROW)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.7.1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1750D (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.7.1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1788-2 EEC M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W1788-2IA M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W721-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W721-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W721-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W721-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W722-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W734-1 RJ45 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W738-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W738-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W738-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W738-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W748-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W761-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W761-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W761-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W761-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W774-1 RJ45 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12 EEC (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W778-1 M12 EEC (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2 SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2IA RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2IA RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2IA RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W786-2IA RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-1 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 M12 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE W788-2 RJ45",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 (US)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC (US)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1 (USA)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X200-4P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X201-3P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X202-2P IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2FM",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2LD TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204-2TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X204IRT PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X206-1LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X208PRO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X212-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X216",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X224",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2 RD (inkl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3 (SC, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3 (ST, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3 (ST, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3 (ST, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3LD (SC, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3LD (SC, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB208 (E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB208 (PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3 (SC, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3 (SC, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3 (ST, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3 (ST, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3LD (SC, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3LD (SC, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB216 (E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB216 (PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2 (SC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2 (ST/BFOC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2G PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2G PoE (54 V DC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2G PoE EEC (54 V DC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP G (EIP DEF.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G (EIP def.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G PoE (54 V DC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-3G PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-3G PoE (54 V DC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-4C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-4C G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-4C G (EIP Def.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-4C G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC224",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC224-4C G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC224-4C G (EIP Def.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC224-4C G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF201-3P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204 DNA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA DNA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF206-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM408-4C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM408-4C (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM408-8C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM408-8C (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM416-4C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM416-4C (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208 (Ethernet/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208PoE EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216 (Ethernet/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216POE EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324WG (24 x FE, AC 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324WG (24 X FE, DC 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR326-2C PoE WG",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR326-2C PoE WG (without UL)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (28xGE, AC 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (28xGE, DC 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 1x230V",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 1x230V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 24V",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 24V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 2x230V",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 2x230V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 1x230V",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 1x230V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 24V",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 24V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 2x230V",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 2x230V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR528-6M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR528-6M (2HR2, L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR528-6M (2HR2)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR528-6M (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR552-12M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR552-12M (2HR2, L3 int.)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR552-12M (2HR2)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR552-12M (2HR2)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "Security Configuration Tool (SCT)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Cloud Connect 7 CC712",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Cloud Connect 7 CC716",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.9"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1242-7 V2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.4.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.4.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-7 LTE EU",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.4.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-7 LTE US",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.4.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1243-8 IRC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.4.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1542SP-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1543SP-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1545-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1.80",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1626",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1628",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 343-1 Advanced",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 443-1 Advanced",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 443-1 OPC UA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Drive Controller CPU 1504D TF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Drive Controller CPU 1507D TF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1510SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1510SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1510SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1510SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1512SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1512SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1512SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP CPU 1512SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V21.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI Unified Comfort Panels family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V18"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Logon V1.6",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.6 Upd6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV540 H",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV540 S",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV550 H",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV550 S",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV560 U",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC MV560 X",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC NET PC Software V14",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC NET PC Software V15",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC NET PC Software V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V16 Update 6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC NET PC Software V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 SP1 Update 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS 7 TeleControl",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.1 Update 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS 7 V8.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS 7 V9.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS 7 V9.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.1 SP2 UC04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo (Administration Console)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PDM",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.2 SP2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Process Historian OPC UA Server",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2020 SP1 Update 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF166C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF185C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF186CI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF188CI",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF360R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF610R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF615R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF650R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF680R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC RF685R",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.0.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1211C AC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1211C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1211C DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1212C AC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1212C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1212C DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1212FC DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1212FC DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1214C AC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1214C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1214C DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1214FC DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1214FC DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1215C AC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1215C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1215C DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1215FC DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1215FC DC/DC/Rly",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU 1217C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511C-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511C-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511T-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1511TF-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1512C-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1512C-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1513R-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515R-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515T-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1515TF-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516T-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1516TF-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1517-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1517F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1517H-3 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1517T-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1517TF-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518HF-4 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518T-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518TF-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller V2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V21.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-PLCSIM Advanced",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 V5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.7 HF4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Unified (TIA Portal)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V17 Update 5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V7.3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V7.4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.4 SP1 Update 22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V7.5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.5 SP2 Update 16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOCODE ES V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOCODE ES V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOCODE ES V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.1",
"status": "affected",
"version": "V5.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION SCOUT TIA V5.3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION SCOUT TIA V5.4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS DCC V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS DCC V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS Startdrive V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS Startdrive V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS Startdrive V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAUT Software ST7sc",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAUT ST7CC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC INS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 SP2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0 SP3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect Server",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1543SP-1 ISEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.2.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1510SP-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP CPU 1512SP-1 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 1242-7 V2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.4.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 1543-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 343-1 Advanced",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET CP 443-1 Advanced",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE X202-2P IRT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE XC206-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE XC206-2SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE XC208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE XC216-4C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CP 1243-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.4.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CP 1243-1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.4.29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212 AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212C AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214 AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214C DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214FC DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1214FC DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215 DC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215C AC/DC/RLY",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215C DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1200 CPU 1215FC DC/DC/DC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.6.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511-1 PN TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1511F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1513F-1 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1515F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1515F-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1515F-2 PN RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1515R-2 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1517H-3 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518F-4 PN/DP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518HF-4 PN",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS TIM 1531 IRC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.4.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Safety ES V17 (TIA Portal)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Soft Starter ES V15.1 (TIA Portal)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Soft Starter ES V16 (TIA Portal)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIRIUS Soft Starter ES V17 (TIA Portal)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TeleControl Server Basic V3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIA Administrator",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.0.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIA Portal Cloud V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIA Portal Cloud V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIM 1531 IRC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.4.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T08:58:00.706Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-712929.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-108696.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-028723.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1)"
},
{
"status": "affected",
"version": "Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m)"
},
{
"status": "affected",
"version": "Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tavis Ormandy (Google)"
}
],
"datePublic": "2022-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#High",
"value": "High"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Infinite loop",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:01.186Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"url": "https://www.openssl.org/news/secadv/20220315.txt"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65"
},
{
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83"
},
{
"name": "DSA-5103",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5103"
},
{
"name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
},
{
"name": "[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html"
},
{
"name": "FEDORA-2022-a5f51502f0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/"
},
{
"name": "FEDORA-2022-9e88b5d8d7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/"
},
{
"name": "FEDORA-2022-8bb51f6901",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220321-0002/"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002"
},
{
"url": "https://www.tenable.com/security/tns-2022-06"
},
{
"url": "https://www.tenable.com/security/tns-2022-07"
},
{
"url": "https://www.tenable.com/security/tns-2022-08"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://support.apple.com/kb/HT213257"
},
{
"url": "https://support.apple.com/kb/HT213256"
},
{
"url": "https://support.apple.com/kb/HT213255"
},
{
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
},
{
"url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf"
},
{
"name": "GLSA-202210-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-02"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "Infinite loop in BN_mod_sqrt() reachable when parsing certificates"
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2022-0778",
"datePublished": "2022-03-15T17:05:20.382Z",
"dateReserved": "2022-02-28T00:00:00.000Z",
"dateUpdated": "2026-04-14T08:58:00.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-44116 (GCVE-0-2024-44116)
Vulnerability from cvelistv5 – Published: 2024-09-10 03:11 – Updated: 2024-09-10 13:27
VLAI?
EPSS
Title
Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
Summary
The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces. There is low impact on integrity of the application.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform |
Affected:
700
Affected: 701 Affected: 702 Affected: 731 Affected: 740 Affected: 750 Affected: 751 Affected: 752 Affected: 753 Affected: 754 Affected: 755 Affected: 756 Affected: 757 Affected: 758 Affected: 912 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:27:33.422456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:27:43.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Application Server for ABAP and ABAP Platform",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "700"
},
{
"status": "affected",
"version": "701"
},
{
"status": "affected",
"version": "702"
},
{
"status": "affected",
"version": "731"
},
{
"status": "affected",
"version": "740"
},
{
"status": "affected",
"version": "750"
},
{
"status": "affected",
"version": "751"
},
{
"status": "affected",
"version": "752"
},
{
"status": "affected",
"version": "753"
},
{
"status": "affected",
"version": "754"
},
{
"status": "affected",
"version": "755"
},
{
"status": "affected",
"version": "756"
},
{
"status": "affected",
"version": "757"
},
{
"status": "affected",
"version": "758"
},
{
"status": "affected",
"version": "912"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe RFC enabled function module allows a low privileged user to add any workbook to any user\u0027s workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user\u0027s workplaces. There is low impact on integrity of the application.\u003c/p\u003e"
}
],
"value": "The RFC enabled function module allows a low privileged user to add any workbook to any user\u0027s workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user\u0027s workplaces. There is low impact on integrity of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T03:11:05.878Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3488039"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-44116",
"datePublished": "2024-09-10T03:11:05.878Z",
"dateReserved": "2024-08-20T20:22:59.937Z",
"dateUpdated": "2024-09-10T13:27:43.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45281 (GCVE-0-2024-45281)
Vulnerability from cvelistv5 – Published: 2024-09-10 04:32 – Updated: 2024-09-16 16:17
VLAI?
EPSS
Title
DLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform
Summary
SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application.
Severity ?
5.8 (Medium)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP BusinessObjects Business Intelligence Platform |
Affected:
430
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sap:business_objects_business_intelligence_platform:430:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_objects_business_intelligence_platform",
"vendor": "sap",
"versions": [
{
"status": "affected",
"version": "430"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:16:47.468065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T16:17:11.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP BusinessObjects Business Intelligence Platform",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "430"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application.\u003c/p\u003e"
}
],
"value": "SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:32:43.378Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3425287"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-45281",
"datePublished": "2024-09-10T04:32:43.378Z",
"dateReserved": "2024-08-26T10:39:20.932Z",
"dateUpdated": "2024-09-16T16:17:11.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41728 (GCVE-0-2024-41728)
Vulnerability from cvelistv5 – Published: 2024-09-10 04:00 – Updated: 2024-09-10 13:26
VLAI?
EPSS
Title
Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
Summary
Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform |
Affected:
700
Affected: 701 Affected: 702 Affected: 731 Affected: 740 Affected: 750 Affected: 751 Affected: 752 Affected: 753 Affected: 754 Affected: 755 Affected: 756 Affected: 757 Affected: 758 Affected: 912 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41728",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:25:47.604562Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T13:26:14.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Application Server for ABAP and ABAP Platform",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "700"
},
{
"status": "affected",
"version": "701"
},
{
"status": "affected",
"version": "702"
},
{
"status": "affected",
"version": "731"
},
{
"status": "affected",
"version": "740"
},
{
"status": "affected",
"version": "750"
},
{
"status": "affected",
"version": "751"
},
{
"status": "affected",
"version": "752"
},
{
"status": "affected",
"version": "753"
},
{
"status": "affected",
"version": "754"
},
{
"status": "affected",
"version": "755"
},
{
"status": "affected",
"version": "756"
},
{
"status": "affected",
"version": "757"
},
{
"status": "affected",
"version": "758"
},
{
"status": "affected",
"version": "912"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.\u003c/p\u003e"
}
],
"value": "Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:00:56.713Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3496410"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-41728",
"datePublished": "2024-09-10T04:00:56.713Z",
"dateReserved": "2024-07-22T08:06:52.675Z",
"dateUpdated": "2024-09-10T13:26:14.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-44115 (GCVE-0-2024-44115)
Vulnerability from cvelistv5 – Published: 2024-09-10 03:08 – Updated: 2024-09-16 16:16
VLAI?
EPSS
Title
Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
Summary
The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces, and nodes. There is low impact on integrity of the application
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform |
Affected:
700
Affected: 701 Affected: 702 Affected: 731 Affected: 740 Affected: 750 Affected: 751 Affected: 752 Affected: 753 Affected: 754 Affected: 755 Affected: 756 Affected: 757 Affected: 758 Affected: 912 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:27:33.422456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T16:16:14.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Application Server for ABAP and ABAP Platform",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "700"
},
{
"status": "affected",
"version": "701"
},
{
"status": "affected",
"version": "702"
},
{
"status": "affected",
"version": "731"
},
{
"status": "affected",
"version": "740"
},
{
"status": "affected",
"version": "750"
},
{
"status": "affected",
"version": "751"
},
{
"status": "affected",
"version": "752"
},
{
"status": "affected",
"version": "753"
},
{
"status": "affected",
"version": "754"
},
{
"status": "affected",
"version": "755"
},
{
"status": "affected",
"version": "756"
},
{
"status": "affected",
"version": "757"
},
{
"status": "affected",
"version": "758"
},
{
"status": "affected",
"version": "912"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe RFC enabled function module allows a low privileged user to add URLs to any user\u0027s workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user\u0027s workplaces, and nodes. There is low impact on integrity of the application\u003c/p\u003e"
}
],
"value": "The RFC enabled function module allows a low privileged user to add URLs to any user\u0027s workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user\u0027s workplaces, and nodes. There is low impact on integrity of the application"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T03:08:43.205Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3488039"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-44115",
"datePublished": "2024-09-10T03:08:43.205Z",
"dateReserved": "2024-08-20T20:22:59.937Z",
"dateUpdated": "2024-09-16T16:16:14.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33003 (GCVE-0-2024-33003)
Vulnerability from cvelistv5 – Published: 2024-08-13 03:36 – Updated: 2024-08-13 14:57
VLAI?
EPSS
Title
Information Disclosure Vulnerability in SAP Commerce Cloud
Summary
Some OCC API endpoints in SAP Commerce Cloud
allows Personally Identifiable Information (PII) data, such as passwords, email
addresses, mobile numbers, coupon codes, and voucher codes, to be included in
the request URL as query or path parameters. On successful exploitation, this
could lead to a High impact on confidentiality and integrity of the
application.
Severity ?
7.4 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP Commerce Cloud |
Affected:
HY_COM 1808
Affected: 1811 Affected: 1905 Affected: 2005 Affected: 2105 Affected: 2011 Affected: 2205 Affected: COM_CLOUD 2211 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sap:commerce_cloud:1808:*:*:*:*:*:*:*",
"cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:*",
"cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:*",
"cpe:2.3:a:sap:commerce_cloud:2005:*:*:*:*:*:*:*",
"cpe:2.3:a:sap:commerce_cloud:2011:*:*:*:*:*:*:*",
"cpe:2.3:a:sap:commerce_cloud:2105:*:*:*:*:*:*:*",
"cpe:2.3:a:sap:commerce_cloud:2205:*:*:*:*:*:*:*",
"cpe:2.3:a:sap:commerce_cloud:2211:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "commerce_cloud",
"vendor": "sap",
"versions": [
{
"status": "affected",
"version": "1808"
},
{
"status": "affected",
"version": "1811"
},
{
"status": "affected",
"version": "1905"
},
{
"status": "affected",
"version": "2005"
},
{
"status": "affected",
"version": "2011"
},
{
"status": "affected",
"version": "2105"
},
{
"status": "affected",
"version": "2205"
},
{
"status": "affected",
"version": "2211"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T14:46:12.515862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T14:57:53.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Commerce Cloud",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "HY_COM 1808"
},
{
"status": "affected",
"version": "1811"
},
{
"status": "affected",
"version": "1905"
},
{
"status": "affected",
"version": "2005"
},
{
"status": "affected",
"version": "2105"
},
{
"status": "affected",
"version": "2011"
},
{
"status": "affected",
"version": "2205"
},
{
"status": "affected",
"version": "COM_CLOUD 2211"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Some OCC API endpoints in SAP Commerce Cloud\nallows Personally Identifiable Information (PII) data, such as passwords, email\naddresses, mobile numbers, coupon codes, and voucher codes, to be included in\nthe request URL as query or path parameters. On successful exploitation, this\ncould lead to a High impact on confidentiality and integrity of the\napplication."
}
],
"value": "Some OCC API endpoints in SAP Commerce Cloud\nallows Personally Identifiable Information (PII) data, such as passwords, email\naddresses, mobile numbers, coupon codes, and voucher codes, to be included in\nthe request URL as query or path parameters. On successful exploitation, this\ncould lead to a High impact on confidentiality and integrity of the\napplication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T03:36:55.034Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3459935"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure Vulnerability in SAP Commerce Cloud",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-33003",
"datePublished": "2024-08-13T03:36:55.034Z",
"dateReserved": "2024-04-23T04:04:25.521Z",
"dateUpdated": "2024-08-13T14:57:53.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…