CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
44.9%
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.
[
{
"product": "openshift",
"vendor": "n/a",
"versions": [
{
"version": "4.12.0",
"status": "unaffected"
}
]
},
{
"vendor": "Red Hat",
"product": "OpenShift Serverless",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "(as-yet-unknown)",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:serverless:1"
]
},
{
"vendor": "Red Hat",
"product": "OpenShift Service Mesh 2.2.x",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "(as-yet-unknown)",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:service_mesh:2.2"
]
},
{
"vendor": "Red Hat",
"product": "OpenShift Service Mesh 2.3.x",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "(as-yet-unknown)",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:service_mesh:2.3"
]
},
{
"vendor": "Red Hat",
"product": "OpenShift Service Mesh 2.4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "(as-yet-unknown)",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:service_mesh:2.4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "(as-yet-unknown)",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:acm:2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss A-MQ Streams",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "(as-yet-unknown)",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:amq_streams:1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 3.11",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:openshift:3.11"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift-ansible",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift-golang-builder-container",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openshift:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Openshift Data Foundation 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "(as-yet-unknown)",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Openshift sandboxed containers",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "(as-yet-unknown)",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openshift_sandboxed_containers:1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Virtualization 4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "(as-yet-unknown)",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
]
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
44.9%