WID-SEC-W-2025-0460
Vulnerability from csaf_certbund - Published: 2025-02-27 23:00 - Updated: 2025-06-22 22:00Summary
Red Hat Enterprise Linux (Quarkus): Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter Angreifer kann mehrere Schwachstellen in Quarkus auf Red Hat Enterprise Linux ausnutzen, um Informationen offenzulegen, oder einen Denial of Service auszulösen.
Betroffene Betriebssysteme
- Linux
- UNIX
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter Angreifer kann mehrere Schwachstellen in Quarkus auf Red Hat Enterprise Linux ausnutzen, um Informationen offenzulegen, oder einen Denial of Service auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0460 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0460.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0460 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0460"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1884 vom 2025-02-27",
"url": "https://access.redhat.com/errata/RHSA-2025:1884"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1885 vom 2025-02-27",
"url": "https://access.redhat.com/errata/RHSA-2025:1885"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2067 vom 2025-03-03",
"url": "https://access.redhat.com/errata/RHSA-2025:2067"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2663 vom 2025-03-11",
"url": "https://access.redhat.com/errata/RHSA-2025:2663"
},
{
"category": "external",
"summary": "Bamboo Data Center Advisory",
"url": "https://jira.atlassian.com/browse/BAM-26046"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3358 vom 2025-03-27",
"url": "https://access.redhat.com/errata/RHSA-2025:3358"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3357 vom 2025-03-27",
"url": "https://access.redhat.com/errata/RHSA-2025:3357"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7229750 vom 2025-04-01",
"url": "https://www.ibm.com/support/pages/node/7229750"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3467 vom 2025-04-01",
"url": "https://access.redhat.com/errata/RHSA-2025:3467"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3465 vom 2025-04-01",
"url": "https://access.redhat.com/errata/RHSA-2025:3465"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3540 vom 2025-04-02",
"url": "https://access.redhat.com/errata/RHSA-2025:3540"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7229901 vom 2025-04-02",
"url": "https://www.ibm.com/support/pages/node/7229901"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:3543 vom 2025-04-02",
"url": "https://access.redhat.com/errata/RHSA-2025:3543"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7232032 vom 2025-04-29",
"url": "https://www.ibm.com/support/pages/node/7232032"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4550 vom 2025-05-06",
"url": "https://access.redhat.com/errata/RHSA-2025:4550"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4549 vom 2025-05-06",
"url": "https://access.redhat.com/errata/RHSA-2025:4549"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4552 vom 2025-05-06",
"url": "https://access.redhat.com/errata/RHSA-2025:4552"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4548 vom 2025-05-06",
"url": "https://access.redhat.com/errata/RHSA-2025:4548"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7234827"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8258 vom 2025-06-03",
"url": "https://access.redhat.com/errata/RHSA-2025:8258"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8761 vom 2025-06-10",
"url": "https://access.redhat.com/errata/RHSA-2025:8761"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7235497 vom 2025-06-21",
"url": "https://www.ibm.com/support/pages/node/7235497"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (Quarkus): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-06-22T22:00:00.000+00:00",
"generator": {
"date": "2025-06-23T07:15:27.503+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0460",
"initial_release_date": "2025-02-27T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-02-27T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-03-03T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-11T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-18T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Atlassian aufgenommen"
},
{
"date": "2025-03-27T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-31T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-04-01T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-02T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat und IBM aufgenommen"
},
{
"date": "2025-04-28T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-05-06T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-27T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-09T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-22T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "14"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.2.2",
"product": {
"name": "Atlassian Bamboo \u003c10.2.2",
"product_id": "T041966"
}
},
{
"category": "product_version",
"name": "10.2.2",
"product": {
"name": "Atlassian Bamboo 10.2.2",
"product_id": "T041966-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:10.2.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.6.11",
"product": {
"name": "Atlassian Bamboo \u003c9.6.11",
"product_id": "T041967"
}
},
{
"category": "product_version",
"name": "9.6.11",
"product": {
"name": "Atlassian Bamboo 9.6.11",
"product_id": "T041967-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.6.11"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11.7",
"product": {
"name": "IBM InfoSphere Information Server 11.7",
"product_id": "444803",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
},
{
"branches": [
{
"category": "product_version",
"name": "7.6.1",
"product": {
"name": "IBM Maximo Asset Management 7.6.1",
"product_id": "389168",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1"
}
}
}
],
"category": "product_name",
"name": "Maximo Asset Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV8.11.0.1 Interim fix 042",
"product": {
"name": "IBM Operational Decision Manager \u003cV8.11.0.1 Interim fix 042",
"product_id": "T043174"
}
},
{
"category": "product_version",
"name": "V8.11.0.1 Interim fix 042",
"product": {
"name": "IBM Operational Decision Manager V8.11.0.1 Interim fix 042",
"product_id": "T043174-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:v8.11.0.1_interim_fix_042"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV8.11.1.0: Interim fix 039",
"product": {
"name": "IBM Operational Decision Manager \u003cV8.11.1.0: Interim fix 039",
"product_id": "T043175"
}
},
{
"category": "product_version",
"name": "V8.11.1.0: Interim fix 039",
"product": {
"name": "IBM Operational Decision Manager V8.11.1.0: Interim fix 039",
"product_id": "T043175-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:v8.11.1.0_interim_fix_039"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV8.12.0.1: Interim fix 024",
"product": {
"name": "IBM Operational Decision Manager \u003cV8.12.0.1: Interim fix 024",
"product_id": "T043176"
}
},
{
"category": "product_version",
"name": "V8.12.0.1: Interim fix 024",
"product": {
"name": "IBM Operational Decision Manager V8.12.0.1: Interim fix 024",
"product_id": "T043176-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:v8.12.0.1_interim_fix_024"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV9.0.0.1: Interim fix 007",
"product": {
"name": "IBM Operational Decision Manager \u003cV9.0.0.1: Interim fix 007",
"product_id": "T043177"
}
},
{
"category": "product_version",
"name": "V9.0.0.1: Interim fix 007",
"product": {
"name": "IBM Operational Decision Manager V9.0.0.1: Interim fix 007",
"product_id": "T043177-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:v9.0.0.1_interim_fix_007"
}
}
}
],
"category": "product_name",
"name": "Operational Decision Manager"
},
{
"branches": [
{
"category": "product_version",
"name": "Analytic Server",
"product": {
"name": "IBM SPSS Analytic Server",
"product_id": "T011789",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spss:analytic_server"
}
}
}
],
"category": "product_name",
"name": "SPSS"
},
{
"branches": [
{
"category": "product_version",
"name": "12",
"product": {
"name": "IBM Security Guardium 12",
"product_id": "T043916",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:sqlguard_12.0p35_bundle_jan-28-2025"
}
}
}
],
"category": "product_name",
"name": "Security Guardium"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "Quarkus \u003c3.8.6.SP3",
"product": {
"name": "Red Hat Enterprise Linux Quarkus \u003c3.8.6.SP3",
"product_id": "T041477"
}
},
{
"category": "product_version",
"name": "Quarkus 3.8.6.SP3",
"product": {
"name": "Red Hat Enterprise Linux Quarkus 3.8.6.SP3",
"product_id": "T041477-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quarkus__3.8.6.sp3"
}
}
},
{
"category": "product_version_range",
"name": "Quarkus \u003c3.15.3.SP1",
"product": {
"name": "Red Hat Enterprise Linux Quarkus \u003c3.15.3.SP1",
"product_id": "T041478"
}
},
{
"category": "product_version",
"name": "Quarkus 3.15.3.SP1",
"product": {
"name": "Red Hat Enterprise Linux Quarkus 3.15.3.SP1",
"product_id": "T041478-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quarkus__3.15.3.sp1"
}
}
},
{
"category": "product_version_range",
"name": "Quarkus \u003c3.20.1",
"product": {
"name": "Red Hat Enterprise Linux Quarkus \u003c3.20.1",
"product_id": "T044254"
}
},
{
"category": "product_version",
"name": "Quarkus 3.20.1",
"product": {
"name": "Red Hat Enterprise Linux Quarkus 3.20.1",
"product_id": "T044254-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quarkus__3.20.1"
}
}
},
{
"category": "product_version",
"name": "Apache Camel 1",
"product": {
"name": "Red Hat Enterprise Linux Apache Camel 1",
"product_id": "T044468",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:apache_camel_1"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"category": "product_name",
"name": "Red Hat Integration",
"product": {
"name": "Red Hat Integration",
"product_id": "T033960",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.5.3",
"product": {
"name": "Red Hat JBoss Data Grid \u003c8.5.3",
"product_id": "T041746"
}
},
{
"category": "product_version",
"name": "8.5.3",
"product": {
"name": "Red Hat JBoss Data Grid 8.5.3",
"product_id": "T041746-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_data_grid:8.5.3"
}
}
}
],
"category": "product_name",
"name": "JBoss Data Grid"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.4.21",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.4.21",
"product_id": "T042265"
}
},
{
"category": "product_version",
"name": "7.4.21",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.4.21",
"product_id": "T042265-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4.21"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-1247",
"product_status": {
"known_affected": [
"T011789",
"67646",
"T041967",
"T041746",
"T041966",
"389168",
"T043916",
"T033960",
"T044468",
"444803",
"T041478",
"T043174",
"T041477",
"T043175",
"T044254",
"T043176",
"T043177",
"T042265"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-1247"
},
{
"cve": "CVE-2025-1634",
"product_status": {
"known_affected": [
"T011789",
"67646",
"T041967",
"T041746",
"T041966",
"389168",
"T043916",
"T033960",
"T044468",
"444803",
"T041478",
"T043174",
"T041477",
"T043175",
"T044254",
"T043176",
"T043177",
"T042265"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-1634"
},
{
"cve": "CVE-2025-24970",
"product_status": {
"known_affected": [
"T011789",
"67646",
"T041967",
"T041746",
"T041966",
"389168",
"T043916",
"T033960",
"T044468",
"444803",
"T041478",
"T043174",
"T041477",
"T043175",
"T044254",
"T043176",
"T043177",
"T042265"
]
},
"release_date": "2025-02-27T23:00:00.000+00:00",
"title": "CVE-2025-24970"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…