DATABASE RESOURCES PRICING ABOUT US

{"id": "3E3AF8AC7BA63076BEE8FFB670B3A3F27E0903C83526E54496E50EB2DF74B875", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.", "description": "## Summary\n\nMultiple security vulnerabilities have been identified and fixed in the IBM Security Privileged Identity Manager Appliance.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1049](<https://vulners.com/cve/CVE-2018-1049>) \n**DESCRIPTION:** Systemd is vulnerable to a denial of service, caused by a race condition between .mount and .automount units. A remote authenticated attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138105> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-3738](<https://vulners.com/cve/CVE-2017-3738>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. An attacker could exploit this vulnerability to obtain information about the private key. Note: In order to exploit this vulnerability, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136078> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3737](<https://vulners.com/cve/CVE-2017-3737>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw in the \\\"error state\\\" mechanism when directly calling SSL_read() or SSL_write() for an SSL object after receiving a fatal error. An attacker could exploit this vulnerability to bypass the decryption or encryption process and perform unauthorized actions. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136077> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-6464](<https://vulners.com/cve/CVE-2017-6464>) \n**DESCRIPTION:** NTP is vulnerable to a denial of service. A remote authenticated attacker could exploit this vulnerability using a malformed mode configuration directive to cause the application to crash. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123610> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-6463](<https://vulners.com/cve/CVE-2017-6463>) \n**DESCRIPTION:** NTP is vulnerable to a denial of service. By sending an invalid setting, a remote authenticated attacker could exploit this vulnerability using the :config directive to cause the daemon to crash. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123612> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-6462](<https://vulners.com/cve/CVE-2017-6462>) \n**DESCRIPTION:** NTP is vulnerable to a denial of service, caused by a buffer overflow in the legacy Datum Programmable Time Server refclock driver. By sending specially crafted packets, a local authenticated attacker could exploit this vulnerability to overflow a buffer and cause a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123611> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-3639](<https://vulners.com/cve/CVE-2018-3639>) \n**DESCRIPTION:** Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by utilizing sequences of speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to bypass security restrictions and gain read access to privileged memory. Note: This vulnerability is the Speculative Store Bypass (SSB), also known as Variant 4 or \"SpectreNG\". \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143569> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-11368](<https://vulners.com/cve/CVE-2017-11368>) \n**DESCRIPTION:** MIT Kerberos 5 is vulnerable to a denial of service, caused by a KDC assertion failure. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause memory allocation failure. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130207> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-7562](<https://vulners.com/cve/CVE-2017-7562>) \n**DESCRIPTION:** MIT krb5 could allow a remote authenticated attacker to bypass security restrictions, caused by the improper validation of a forged certificate EKU and SAN. An attacker could exploit vulnerability to gain unauthorized access to the system to impersonate arbitrary principals under rare and erroneous circumstances. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143332> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2017-1000407](<https://vulners.com/cve/CVE-2017-1000407>) \n**DESCRIPTION:** Linux Kernel, built with the KVM virtualization(CONFIG_KVM) support, is vulnerable to a denial of service, caused by improper validation of user-supplied input at the diagnostic port. By flooding the diagnostic port 0x80, a remote authenticated attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136235> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-18017](<https://vulners.com/cve/CVE-2017-18017>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c. By leveraging the presence of xt_TCPMSS in an iptables action, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137122> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2017-15116](<https://vulners.com/cve/CVE-2017-15116>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by NULL pointer dereference in the rngapi_reset function in crypto/rng.c. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135735> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-15670](<https://vulners.com/cve/CVE-2017-15670>) \n**DESCRIPTION:** GNU C Library is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the glob function in glob.c. By sending a specially-crafted string, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133915> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2017-12132](<https://vulners.com/cve/CVE-2017-12132>) \n**DESCRIPTION:** GNU C Library (aka glibc or libc6) could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the DNS stub resolver. An attacker could exploit this vulnerability to perform off-path DNS spoofing attacks. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/129949> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2015-5180](<https://vulners.com/cve/CVE-2015-5180>) \n**DESCRIPTION:** glibc is vulnerable to a denial of service, caused by a NULL pointer dereference in the res_query function in libresolv. By using a malformed pattern, a remote attacker could cause the process to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130620> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1000199](<https://vulners.com/cve/CVE-2018-1000199>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a ptrace() error handling flaw. By invoking the modify_user_hw_breakpoint() function, a local attacker could exploit this vulnerability to cause the kernel to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142654> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-8897](<https://vulners.com/cve/CVE-2018-8897>) \n**DESCRIPTION:** Multiple operating systems could allow a local authenticated attacker to gain elevated privileges on the system, caused by developer interpretation of hardware debug exception documentation for the MOV to SS and POP SS instructions. An attacker could exploit this vulnerability using operating system APIs to obtain sensitive memory information or control low-level operating system functions and other unexpected behavior. \nCVSS Base Score: 7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142242> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1091](<https://vulners.com/cve/CVE-2018-1091>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a missing processor feature check in the flush_tmregs_to_thread function. A local attacker could exploit this vulnerability to cause the guest kernel to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140892> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1087](<https://vulners.com/cve/CVE-2018-1087>) \n**DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the improper handling of exceptions delivered after a stack switch operation using the MOV to SS and POP SS instructions by the KVM hypervisor. An attacker could exploit this vulnerability to gain elevated privileges or cause the guest to crash. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142976> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1068](<https://vulners.com/cve/CVE-2018-1068>) \n**DESCRIPTION:** Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error in the implementation of 32 bit syscall interface. An attacker could exploit this vulnerability to gain root privileges on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140403> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-16939](<https://vulners.com/cve/CVE-2017-16939>) \n**DESCRIPTION:** Linux Kernel could allow a remote attacker to gain elevated privileges on the system, caused by an use-after-free in the Netlink socket subsystem XFRM. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain privileges. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135317> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1113](<https://vulners.com/cve/CVE-2018-1113>) \n**DESCRIPTION:** Setup Project could allow a remote attacker to bypass security restrictions, caused by an issue with adding /sbin/nologin and /usr/sbin/nologin to /etc/shells. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147843> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-0494](<https://vulners.com/cve/CVE-2018-0494>) \n**DESCRIPTION:** GNU Wget could allow a remote attacker to bypass security restrictions, caused by the failure to properly process Set-Cookie responses. By sending a specially-crafted Set-Cookie -header request, an attacker could exploit this vulnerability to inject arbitrary cookies into the cookie jar file and set and modify cookies on the target system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142899> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2017-1000050](<https://vulners.com/cve/CVE-2017-1000050>) \n**DESCRIPTION:** JasPer is vulnerable to a denial of service, caused by a NULL pointer exception in the jp2_encode function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130253> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2016-9396](<https://vulners.com/cve/CVE-2016-9396>) \n**DESCRIPTION:** JasPer is vulnerable to a denial of service, caused by an error in the JPC_NOMINALGAIN function in jpc_t1cod.c. By using unspecified vectors, an attacker could exploit this vulnerability to trigger an assertion failure. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123690> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1061](<https://vulners.com/cve/CVE-2018-1061>) \n**DESCRIPTION:** Python is vulnerable to a denial of service, caused by catastrophic backtracking in the difflib.IS_LINE_JUNK method. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145115> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1060](<https://vulners.com/cve/CVE-2018-1060>) \n**DESCRIPTION:** Python is vulnerable to a denial of service, caused by catastrophic backtracking in the pop3lib''s apop() method. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145116> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-10846](<https://vulners.com/cve/CVE-2018-10846>) \n**DESCRIPTION:** GnuTLS could allow a local authenticated attacker to obtain sensitive information, caused by a cache-based side channel issue. By using a combination of Just in Time Prime+probe attack in combination with Lucky-13 attack, a remote attacker could exploit this vulnerability to recover plain text and obtain information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148725> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-10845](<https://vulners.com/cve/CVE-2018-10845>) \n**DESCRIPTION:** GnuTLS could allow a remote attacker to obtain sensitive information, caused by a flaw in the implementation of HMAC-SHA-384. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to obtain information. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148730> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-10844](<https://vulners.com/cve/CVE-2018-10844>) \n**DESCRIPTION:** GnuTLS could allow a remote attacker to obtain sensitive information, caused by a flaw in the implementation of HMAC-SHA-256. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to obtain information. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148731> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-5730](<https://vulners.com/cve/CVE-2018-5730>) \n**DESCRIPTION:** MIT krb5 could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the LDAP Kerberos database. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass DN container check. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-5729](<https://vulners.com/cve/CVE-2018-5729>) \n**DESCRIPTION:** MIT krb5 is vulnerable to a denial of service, caused by a NULL pointer dereference in the LDAP Kerberos database. By sending specially-crafted data, a remote authenticated attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139969> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-5391](<https://vulners.com/cve/CVE-2018-5391>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the reassembly of fragmented IPv4 and IPv6 packets by the IP implementation. By sending specially crafted IP fragments with random offsets, a remote attacker could exploit this vulnerability to exhaust all available CPU resources and cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148388> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-15688](<https://vulners.com/cve/CVE-2018-15688>) \n**DESCRIPTION:** systemd is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the dhcp6 client. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152041> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-1618](<https://vulners.com/cve/CVE-2018-1618>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144343> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1640](<https://vulners.com/cve/CVE-2018-1640>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144580> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1680](<https://vulners.com/cve/CVE-2018-1680>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145236> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1680](<https://vulners.com/cve/CVE-2018-1680>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145236> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1622](<https://vulners.com/cve/CVE-2018-1622>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144348> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-1623](<https://vulners.com/cve/CVE-2018-1623>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance allows web pages to be stored locally which can be read by another user on the system. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144408> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-1626](<https://vulners.com/cve/CVE-2018-1626>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144411> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-1625](<https://vulners.com/cve/CVE-2018-1625>) \n**DESCRIPTION:** IBM Security Privileged Identity Manager Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144410> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-5725](<https://vulners.com/cve/CVE-2016-5725>) \n**DESCRIPTION:** JSch could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the implementation for recursive sftp-get containing \"dot dot\" sequences (/../) to download the malicious files outside the client download base directory. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117122> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\n#### CVE Information: (copy/paste-able; will update after page submission. Provided by system to make it easy to cut and paste data.)\n\n**CVEID:** [CVE-2016-1182](<https://vulners.com/cve/CVE-2016-1182>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly properly restrict the Validator configuration bin ActionServlet.java. An attacker could exploit this vulnerability to modify validation rules and error messages. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113853> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2016-1181](<https://vulners.com/cve/CVE-2016-1181>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote operations against components on server memory by the ActionForm instance. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113852> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2014-0114](<https://vulners.com/cve/CVE-2014-0114>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [CVE-2015-0899](<https://vulners.com/cve/CVE-2015-0899>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system. This vulnerability also affects other products. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101770> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1428](<https://vulners.com/cve/CVE-2018-1428>) \n**DESCRIPTION:** IBM GSKit uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139073> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1427](<https://vulners.com/cve/CVE-2018-1427>) \n**DESCRIPTION:** IBM GSKit contains several enviornment variables that a local attacker could overflow and cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139072> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1426](<https://vulners.com/cve/CVE-2018-1426>) \n**DESCRIPTION:** IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139071> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-1567](<https://vulners.com/cve/CVE-2018-1567>) \n**DESCRIPTION:** IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143024> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1719](<https://vulners.com/cve/CVE-2018-1719>) \n**DESCRIPTION:** IBM WebSphere Application Server could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147292> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2014-7810](<https://vulners.com/cve/CVE-2014-7810>) \n**DESCRIPTION:** Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of expression language. An attacker could exploit this vulnerability to bypass the protections of a Security Manager. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103155> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2018-1794](<https://vulners.com/cve/CVE-2018-1794>) \n**DESCRIPTION:** IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148949> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-1767](<https://vulners.com/cve/CVE-2018-1767>) \n**DESCRIPTION:** IBM WebSphere Application Server Cachemonitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148621> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-1901](<https://vulners.com/cve/CVE-2018-1901>) \n**DESCRIPTION:** IBM WebSphere Application Server could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-1904](<https://vulners.com/cve/CVE-2018-1904>) \n**DESCRIPTION:** IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152533> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>)\n\n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2641](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137893> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-2964](<https://vulners.com/cve/CVE-2018-2964>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146827> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Security Privileged Identity Manager 2.1.1\n\n## Remediation/Fixes\n\nProduct | VRMF | Remediation/First Fix \n---|---|--- \nIBM Security Privileged Identity Manager | 2.1.1 | [2.1.1-ISS-ISPIM-VA-FP0002](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.1.1&platform=All&function=fixId&fixids=2.1.1-ISS-ISPIM-VA-FP0002&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "published": "2019-09-17T15:34:01", "modified": "2019-09-17T15:34:01", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.ibm.com/support/pages/node/879093", "reporter": "IBM", "references": [], "cvelist": ["CVE-2014-0114", "CVE-2014-7810", "CVE-2015-0899", "CVE-2015-5180", "CVE-2016-0701", "CVE-2016-0705", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-5725", "CVE-2016-9396", "CVE-2017-1000050", "CVE-2017-1000407", "CVE-2017-11368", "CVE-2017-12132", "CVE-2017-15116", "CVE-2017-15670", "CVE-2017-16939", "CVE-2017-18017", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464", "CVE-2017-7562", "CVE-2018-0494", "CVE-2018-1000199", "CVE-2018-1049", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-1068", "CVE-2018-10844", "CVE-2018-10845", "CVE-2018-10846", "CVE-2018-1087", "CVE-2018-1091", "CVE-2018-1113", "CVE-2018-12539", "CVE-2018-13785", "CVE-2018-1426", "CVE-2018-1427", "CVE-2018-1428", "CVE-2018-1517", "CVE-2018-1567", "CVE-2018-15688", "CVE-2018-1618", "CVE-2018-1622", "CVE-2018-1623", "CVE-2018-1625", "CVE-2018-1626", "CVE-2018-1640", "CVE-2018-1656", "CVE-2018-1680", "CVE-2018-1719", "CVE-2018-1767", "CVE-2018-1794", "CVE-2018-1901", "CVE-2018-1904", "CVE-2018-2641", "CVE-2018-2677", "CVE-2018-2783", "CVE-2018-2964", "CVE-2018-2973", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214", "CVE-2018-3639", "CVE-2018-5391", "CVE-2018-5729", "CVE-2018-5730", "CVE-2018-8897"], "immutableFields": [], "lastseen": "2023-02-23T21:43:51", "viewCount": 24, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["ITDS_ADVISORY2.ASC", "JAVA_APR2018_ADVISORY.ASC", "JAVA_JAN2018_ADVISORY.ASC", "JAVA_JULY2018_ADVISORY.ASC", "JAVA_OCT2018_ADVISORY.ASC", "NTP_ADVISORY9.ASC", "OPENSSL_ADVISORY18.ASC", "OPENSSL_ADVISORY25.ASC", "SPECTRE_MELTDOWN_ADVISORY.ASC", "SPECTRE_UPDATE_ADVISORY.ASC", "VARIANT4_ADVISORY.ASC"]}, {"type": "akamaiblog", "idList": ["AKAMAIBLOG:CA172BF5AAF741436B9DD55773785FB3"]}, {"type": "almalinux", "idList": ["ALBA-2021:0206"]}, {"type": "altlinux", "idList": ["20DEBD245C9F4C788F9E4E2FC1E16404", "B7D1FE39355177AD5293458DFFC43DC1"]}, {"type": "amazon", "idList": ["ALAS-2016-656", "ALAS-2016-657", "ALAS-2016-658", "ALAS-2016-661", "ALAS-2016-701", "ALAS-2017-816", "ALAS-2017-937", "ALAS-2018-1003", "ALAS-2018-1010", "ALAS-2018-1016", "ALAS-2018-1017", "ALAS-2018-1023", "ALAS-2018-1034", "ALAS-2018-1037", "ALAS-2018-1038", "ALAS-2018-1039", "ALAS-2018-1040", "ALAS-2018-1058", "ALAS-2018-1097", "ALAS-2018-1108", "ALAS-2018-1111", "ALAS-2018-1129", "ALAS-2018-949", "ALAS-2018-971", "ALAS-2018-974", "ALAS2-2018-1004", "ALAS2-2018-1009", "ALAS2-2018-1010", "ALAS2-2018-1023", "ALAS2-2018-1033", "ALAS2-2018-1034", "ALAS2-2018-1037", "ALAS2-2018-1038", "ALAS2-2018-1039", "ALAS2-2018-1048", "ALAS2-2018-1049", "ALAS2-2018-1058", "ALAS2-2018-1097", "ALAS2-2018-1111", "ALAS2-2018-1120", "ALAS2-2018-1121", "ALAS2-2018-1129", "ALAS2-2018-949", "ALAS2-2018-961", "ALAS2-2018-971", "ALAS2-2018-994", "ALAS2-2019-1144", "ALAS2-2019-1150", "ALAS2-2019-1158", "ALAS2-2019-1160", "ALAS2-2019-1230"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-05-01", "ANDROID:2018-08-01", "ANDROID:2019-09-01"]}, {"type": "apple", "idList": ["APPLE:395E729CF93F555C415D358DB1C43E9A", "APPLE:53EFEBE3691961E0982391E9A9F17692", "APPLE:B6838750CA6086B150DDD58EB8FAE22A", "APPLE:B767E2D26FA517686D44D7106CA489EB", "APPLE:CBA8BD9BD1E4F4D2B32B5AB72B152FD0", "APPLE:E110ECBEC1B5F4EBE4C6799FF1A4F4E0", "APPLE:HT207268", "APPLE:HT208144", "APPLE:HT208742", "APPLE:HT208849", "APPLE:HT209139", "APPLE:HT209193"]}, {"type": "archlinux", "idList": ["ASA-201601-32", "ASA-201601-33", "ASA-201603-2", "ASA-201603-3", "ASA-201701-36", "ASA-201701-37", "ASA-201710-8", "ASA-201711-14", "ASA-201711-15", "ASA-201712-11", "ASA-201712-9", "ASA-201801-8", "ASA-201801-9", "ASA-201804-2", "ASA-201804-6", "ASA-201806-3", "ASA-201811-11"]}, {"type": "atlassian", "idList": ["ATLASSIAN:FE-7345", "FE-7345"]}, {"type": "attackerkb", "idList": ["AKB:64124DE0-CCEB-4AC1-91D9-5E1834B667F5", "AKB:D64902DF-C53E-4FEF-BA61-C566DEF8804D"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "centos", "idList": ["CESA-2014:0474", "CESA-2016:0301", "CESA-2016:0492", "CESA-2016:2046", "CESA-2017:3071", "CESA-2018:0095", "CESA-2018:0260", "CESA-2018:0349", "CESA-2018:0666", "CESA-2018:0805", "CESA-2018:0855", "CESA-2018:0998", "CESA-2018:1062", "CESA-2018:1318", "CESA-2018:1319", "CESA-2018:1629", "CESA-2018:1632", "CESA-2018:1633", "CESA-2018:1647", "CESA-2018:1648", "CESA-2018:1649", "CESA-2018:1650", "CESA-2018:1651", "CESA-2018:1660", "CESA-2018:1669", "CESA-2018:1854", "CESA-2018:1879", "CESA-2018:1965", "CESA-2018:1997", "CESA-2018:2001", "CESA-2018:2162", "CESA-2018:2164", "CESA-2018:2846", "CESA-2018:2942", "CESA-2018:2943", "CESA-2018:3041", "CESA-2018:3050", "CESA-2018:3052", "CESA-2018:3071", "CESA-2018:3083", "CESA-2018:3249", "CESA-2018:3253", "CESA-2018:3350", "CESA-2018:3409", "CESA-2018:3521", "CESA-2018:3665", "CESA-2019:0049"]}, {"type": "cert", "idList": ["VU:180049", "VU:257823", "VU:631579", "VU:641765"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-1480", "CPAI-2014-1535", "CPAI-2017-0411", "CPAI-2017-1082", "CPAI-2018-0011", "CPAI-2018-0510"]}, {"type": "checkpoint_security", "idList": ["CPS:SK134054", "CPS:SK134253"]}, {"type": "cisa", "idList": ["CISA:C1D0E305B2191ADE13845CF38D356802"]}, {"type": "cisco", "idList": ["CISCO-SA-20160129-OPENSSL", "CISCO-SA-20160302-OPENSSL", "CISCO-SA-20170130-OPENSSL", "CISCO-SA-20180521-CPUSIDECHANNEL", "CISCO-SA-20180824-LINUX-IP-FRAGMENT"]}, {"type": "citrix", "idList": ["CTX234679", "CTX235225", "CTX237244"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:0BAC6640342E1B3D4E55BA7644915045", "CFOUNDRY:0BD4290D520A235B05B93F0ACF4B7C2B", "CFOUNDRY:23B1515F8D5457421D7BC84DE82AEE7A", "CFOUNDRY:32C77274978FD738E63CD47FF8AF1676", "CFOUNDRY:387B2BBB51760E1FFD4562D4008446F7", "CFOUNDRY:3F8CD4B1E45789EF60832665828B7007", "CFOUNDRY:47ECCE360A3CA7D7D9F45EB019C00E9D", "CFOUNDRY:5EA2C5AAEE68B048A4F17B33C2C51420", "CFOUNDRY:5EFB3C0BFEF3ED0FAC75ED9EF0994C4E", "CFOUNDRY:74EC63FE794662FC4DFD36709B39475A", "CFOUNDRY:8722C197C1671303FFCA9E919368B734", "CFOUNDRY:9243E8457D02CBA7A3505CB1E0E03739", "CFOUNDRY:9A995523D48657F85E3291B54E0314EF", "CFOUNDRY:9F4839FC4D232BF4DBD0412884B16A6F", "CFOUNDRY:A516F32ABFB2AE83A8782E47D67A09A0", "CFOUNDRY:AC693D367392F4AE1E35E167BAADA484", "CFOUNDRY:B6F9117DDC7188793F0CD8F25AB1B9C7", "CFOUNDRY:C3D94F66B833B0AB95D359CF97DF9AA9", "CFOUNDRY:C7368B69703D2F78B11155E4CE99EC4C", "CFOUNDRY:E36E8558D6E84664F9D34B4A9E5179AC", "CFOUNDRY:FE675C625F5EEDC7C5C065721F8F1D96"]}, {"type": "cve", "idList": ["CVE-2014-0114", "CVE-2014-3540", "CVE-2014-3893", "CVE-2014-7810", "CVE-2015-0899", "CVE-2015-5180", "CVE-2016-0701", "CVE-2016-0705", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-5725", "CVE-2016-9396", "CVE-2017-1000050", "CVE-2017-1000407", "CVE-2017-11368", "CVE-2017-12132", "CVE-2017-13753", "CVE-2017-15116", "CVE-2017-15670", "CVE-2017-15896", "CVE-2017-16939", "CVE-2017-18017", "CVE-2017-3732", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464", "CVE-2017-7562", "CVE-2018-0494", "CVE-2018-1000199", "CVE-2018-1049", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-1068", "CVE-2018-10844", "CVE-2018-10845", "CVE-2018-10846", "CVE-2018-1087", "CVE-2018-10872", "CVE-2018-1091", "CVE-2018-1113", "CVE-2018-12539", "CVE-2018-13785", "CVE-2018-1426", "CVE-2018-1427", "CVE-2018-1428", "CVE-2018-1517", "CVE-2018-1567", "CVE-2018-15688", "CVE-2018-1618", "CVE-2018-1622", "CVE-2018-1623", "CVE-2018-1625", "CVE-2018-1626", "CVE-2018-1640", "CVE-2018-1656", "CVE-2018-1680", "CVE-2018-1719", "CVE-2018-1767", "CVE-2018-1794", "CVE-2018-1901", "CVE-2018-1904", "CVE-2018-2641", "CVE-2018-2677", "CVE-2018-2783", "CVE-2018-2964", "CVE-2018-2973", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214", "CVE-2018-3639", "CVE-2018-5391", "CVE-2018-5729", "CVE-2018-5730", "CVE-2018-8897", "CVE-2019-3834", "CVE-2021-4160"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1058-1:90E67", "DEBIAN:DLA-1200-1:A0B61", "DEBIAN:DLA-1339-1:B1DCE", "DEBIAN:DLA-1339-1:BC39A", "DEBIAN:DLA-1369-1:33F82", "DEBIAN:DLA-1375-1:06938", "DEBIAN:DLA-1375-1:AA95E", "DEBIAN:DLA-1383-1:7FC15", "DEBIAN:DLA-1383-1:AD0A7", "DEBIAN:DLA-1392-1:883BE", "DEBIAN:DLA-1423-1:B239D", "DEBIAN:DLA-1446-1:83DE2", "DEBIAN:DLA-1446-1:9942E", "DEBIAN:DLA-1466-1:48FF6", "DEBIAN:DLA-1506-1:91878", "DEBIAN:DLA-1506-1:B3A8C", "DEBIAN:DLA-1519-1:1A158", "DEBIAN:DLA-1520-1:70B85", "DEBIAN:DLA-1560-1:55C8D", "DEBIAN:DLA-1577-1:71995", "DEBIAN:DLA-1577-1:76F49", "DEBIAN:DLA-1580-1:96660", "DEBIAN:DLA-1590-1:3DC35", "DEBIAN:DLA-1590-1:DF4FE", "DEBIAN:DLA-1643-1:299D1", "DEBIAN:DLA-1715-1:4A3F9", "DEBIAN:DLA-1731-1:D19BD", "DEBIAN:DLA-1731-2:E6E1E", "DEBIAN:DLA-2184-1:7B407", "DEBIAN:DLA-232-1:8CB78", "DEBIAN:DLA-2323-1:C146F", "DEBIAN:DLA-2771-1:D1964", "DEBIAN:DLA-57-1:29ABF", "DEBIAN:DLA-57-1:6DE0E", "DEBIAN:DLA-611-1:1B900", "DEBIAN:DSA-2940-1:494C4", "DEBIAN:DSA-3428-1:EC79D", "DEBIAN:DSA-3447-1:BF5C1", "DEBIAN:DSA-3447-1:CE269", "DEBIAN:DSA-3500-1:1A27F", "DEBIAN:DSA-3530-1:6A530", "DEBIAN:DSA-3536-1:6274C", "DEBIAN:DSA-3536-1:EEC30", "DEBIAN:DSA-4017-1:88D36", "DEBIAN:DSA-4017-1:AEF53", "DEBIAN:DSA-4018-1:01441", "DEBIAN:DSA-4018-1:DD3DF", "DEBIAN:DSA-4065-1:A75E5", "DEBIAN:DSA-4073-1:79398", "DEBIAN:DSA-4082-1:57979", "DEBIAN:DSA-4082-1:58978", "DEBIAN:DSA-4144-1:54880", "DEBIAN:DSA-4157-1:5A16B", "DEBIAN:DSA-4157-1:D7BEA", "DEBIAN:DSA-4166-1:929BB", "DEBIAN:DSA-4187-1:481CA", "DEBIAN:DSA-4187-1:E8170", "DEBIAN:DSA-4188-1:B3909", "DEBIAN:DSA-4188-1:E4177", "DEBIAN:DSA-4195-1:B342C", "DEBIAN:DSA-4195-1:C0248", "DEBIAN:DSA-4196-1:4C103", "DEBIAN:DSA-4196-1:6FB62", "DEBIAN:DSA-4201-1:7E613", "DEBIAN:DSA-4210-1:DBC01", "DEBIAN:DSA-4272-1:8EBA1", "DEBIAN:DSA-4272-1:F720F", "DEBIAN:DSA-4273-1:BEC28", "DEBIAN:DSA-4273-2:DE475", "DEBIAN:DSA-4306-1:95510", "DEBIAN:DSA-4307-1:C7B50", "DEBIAN:DSA-4326-1:8A854", "DEBIAN:DSA-4469-1:052EF", "DEBIAN:DSA-4469-1:B9B08"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-0114", "DEBIANCVE:CVE-2014-7810", "DEBIANCVE:CVE-2015-5180", "DEBIANCVE:CVE-2016-0701", "DEBIANCVE:CVE-2016-0705", "DEBIANCVE:CVE-2016-5725", "DEBIANCVE:CVE-2017-1000407", "DEBIANCVE:CVE-2017-11368", "DEBIANCVE:CVE-2017-12132", "DEBIANCVE:CVE-2017-15116", "DEBIANCVE:CVE-2017-15670", "DEBIANCVE:CVE-2017-15896", "DEBIANCVE:CVE-2017-16939", "DEBIANCVE:CVE-2017-18017", "DEBIANCVE:CVE-2017-3732", "DEBIANCVE:CVE-2017-3736", "DEBIANCVE:CVE-2017-3737", "DEBIANCVE:CVE-2017-3738", "DEBIANCVE:CVE-2017-6462", "DEBIANCVE:CVE-2017-6463", "DEBIANCVE:CVE-2017-6464", "DEBIANCVE:CVE-2017-7562", "DEBIANCVE:CVE-2018-0494", "DEBIANCVE:CVE-2018-1000199", "DEBIANCVE:CVE-2018-1049", "DEBIANCVE:CVE-2018-1060", "DEBIANCVE:CVE-2018-1061", "DEBIANCVE:CVE-2018-1068", "DEBIANCVE:CVE-2018-10844", "DEBIANCVE:CVE-2018-10845", "DEBIANCVE:CVE-2018-10846", "DEBIANCVE:CVE-2018-1087", "DEBIANCVE:CVE-2018-10872", "DEBIANCVE:CVE-2018-1091", "DEBIANCVE:CVE-2018-13785", "DEBIANCVE:CVE-2018-15688", "DEBIANCVE:CVE-2018-2641", "DEBIANCVE:CVE-2018-2677", "DEBIANCVE:CVE-2018-2783", "DEBIANCVE:CVE-2018-2964", "DEBIANCVE:CVE-2018-2973", "DEBIANCVE:CVE-2018-3136", "DEBIANCVE:CVE-2018-3139", "DEBIANCVE:CVE-2018-3149", "DEBIANCVE:CVE-2018-3169", "DEBIANCVE:CVE-2018-3180", "DEBIANCVE:CVE-2018-3183", "DEBIANCVE:CVE-2018-3214", "DEBIANCVE:CVE-2018-3639", "DEBIANCVE:CVE-2018-5391", "DEBIANCVE:CVE-2018-5729", "DEBIANCVE:CVE-2018-5730", "DEBIANCVE:CVE-2018-8897", "DEBIANCVE:CVE-2021-4160"]}, {"type": "exploitdb", "idList": ["EDB-ID:44049", "EDB-ID:44601", "EDB-ID:44697", "EDB-ID:45024"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:36C15641F65FD8A3C0901566DC9D3B51", "EXPLOITPACK:5F816FAE3FBDB1D267530F19C0426785", "EXPLOITPACK:F4489E070E6CDADA18DE546A030227F0", "EXPLOITPACK:F867C230BBE8FA4BCFE72E04CBAC881F"]}, {"type": "f5", "idList": ["F5:K02951273", "F5:K03451253", "F5:K04403302", "F5:K05345625", "F5:K07082049", "F5:K14363514", "F5:K16940442", "F5:K17403481", "F5:K18352029", "F5:K18364001", "F5:K29146534", "F5:K30184101", "F5:K30503705", "F5:K34681653", "F5:K35129173", "F5:K38110373", "F5:K40444230", "F5:K43452233", "F5:K44512851", "F5:K44923228", "F5:K50394032", "F5:K55001100", "F5:K58304450", "F5:K64009378", "F5:K65481741", "F5:K74374841", "F5:K81158013", "F5:K86075480", "F5:K87355575", "F5:K93122894", "F5:K95003704", "F5:K95343321", "F5:K96670746", "SOL04403302", "SOL15282", "SOL16444", "SOL38110373", "SOL40444230", "SOL64009378", "SOL93122894"]}, {"type": "fedora", "idList": ["FEDORA:00B1F604E1F2", "FEDORA:017D56156B44", "FEDORA:028E16051CDC", "FEDORA:046E16076016", "FEDORA:0544D60491AB", "FEDORA:089B7605072B", "FEDORA:08D3760E6566", "FEDORA:0FD96602C182", "FEDORA:10F7D6255145", "FEDORA:122AE604D3F9", "FEDORA:125F360603E5", "FEDORA:1324F60D30E4", "FEDORA:132956044E67", "FEDORA:1625662B796D", "FEDORA:1916D6091F30", "FEDORA:1C6F16348980", "FEDORA:1CA16613DD7E", "FEDORA:1CAC0608E6F2", "FEDORA:1EFAB60ACFB0", "FEDORA:2281662F1093", "FEDORA:22CA86022BDC", "FEDORA:250CB6087A80", "FEDORA:25BDD6190ECF", "FEDORA:28DCE301DAE6", "FEDORA:29049600CFF3", "FEDORA:29FCE65ECD33", "FEDORA:2C5386075B25", "FEDORA:2C89F6167407", "FEDORA:30642601DD2B", "FEDORA:3266960F0E44", "FEDORA:353CF60468D9", "FEDORA:3676E6002DCC", "FEDORA:37B8362B00D0", "FEDORA:3CB7960A4420", "FEDORA:3ED26601CEE3", "FEDORA:3F23C623C260", "FEDORA:3FBD8604970A", "FEDORA:41B546014626", "FEDORA:42DA3601FD86", "FEDORA:42FE3607603A", "FEDORA:44065605602A", "FEDORA:45707604CD90", "FEDORA:4832F6079717", "FEDORA:49B5A60CADB6", "FEDORA:4B961604A720", "FEDORA:4D5AD601FDAC", "FEDORA:4FA016419F1F", "FEDORA:50818233B7", "FEDORA:50E6E6087656", "FEDORA:5267F604C2BD", "FEDORA:5279262222BE", "FEDORA:5591D601DA24", "FEDORA:5639D6406A44", "FEDORA:568C0605A286", "FEDORA:56D376268FDB", "FEDORA:58BAF60A0C7C", "FEDORA:5A77C60200D2", "FEDORA:5AA3D60505E7", "FEDORA:5D742610B071", "FEDORA:5DE3B649CE94", "FEDORA:621A2609A69C", "FEDORA:660AA642E1AC", "FEDORA:66C72604D404", "FEDORA:67E46607601A", "FEDORA:6A9A16095B29", "FEDORA:6B39A60C690C", "FEDORA:6B66A6047312", "FEDORA:6CE076015F62", "FEDORA:6D641613A08A", "FEDORA:6E66862A5C82", "FEDORA:6EC6360BEA04", "FEDORA:728DA604CD72", "FEDORA:7312F6087A09", "FEDORA:73C3960CDDB3", "FEDORA:73C6F628E99A", "FEDORA:7640C641CB61", "FEDORA:821736164C16", "FEDORA:82A4730AD419", "FEDORA:845CB6087671", "FEDORA:853AD608EC23", "FEDORA:87BD56087904", "FEDORA:8830E6049DEB", "FEDORA:89597606D8B2", "FEDORA:8AE5E604E213", "FEDORA:8EA746050C5D", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:9145860769FE", "FEDORA:9301E6076020", "FEDORA:958BD626BB06", "FEDORA:95A686085F81", "FEDORA:98315602F10D", "FEDORA:9E3D9606D195", "FEDORA:A02E3603EB55", "FEDORA:A25EF60DC572", "FEDORA:AB2DD6067A04", "FEDORA:AB5346014BB3", "FEDORA:AC7FC600CFCA", "FEDORA:AEECE6075DBF", "FEDORA:AF94A602D551", "FEDORA:AFDBD60E76E0", "FEDORA:B123D6237604", "FEDORA:B1E3A608B7EA", "FEDORA:B395E6087A9D", "FEDORA:B54D264CBCAC", "FEDORA:B7EFE60A96DB", "FEDORA:B803860875BB", "FEDORA:B87B460876BA", "FEDORA:B92AD601D827", "FEDORA:BB798601F379", "FEDORA:BBFE360460D0", "FEDORA:BBFF6604C5CA", "FEDORA:BCAE760875D9", "FEDORA:BCF8D6075EF9", "FEDORA:BD35260BC96F", "FEDORA:BF6FF60A96DE", "FEDORA:BFFEE66469AF", "FEDORA:C15126057704", "FEDORA:C2B146042816", "FEDORA:C49D061F375F", "FEDORA:C64AE6007F37", "FEDORA:C65F560874BD", "FEDORA:C73F2604D4D2", "FEDORA:C7A34627CF63", "FEDORA:C8DAB604A066", "FEDORA:C8F726082DB8", "FEDORA:CCD4F6098DDD", "FEDORA:CF3446076A16", "FEDORA:CF8B162C3B99", "FEDORA:D013361742CE", "FEDORA:D208C60874AA", "FEDORA:D5B9761C9D69", "FEDORA:D5F726042B1F", "FEDORA:D6CAE607A456", "FEDORA:D6F86601E6D9", "FEDORA:D9EAD6149F94", "FEDORA:DB978619EB1C", "FEDORA:DEA206060997", "FEDORA:DF5176048167", "FEDORA:DFCF964B861F", "FEDORA:E101E601FC0D", "FEDORA:E37FD60924F1", "FEDORA:E452E6021791", "FEDORA:E5291607602A", "FEDORA:E655260321A8", "FEDORA:E66CE6076F5E", "FEDORA:E6F08605DCE7", "FEDORA:E6FC960603E5", "FEDORA:E8B02603B289", "FEDORA:E93AE6077DCD", "FEDORA:EA819610425D", "FEDORA:EAC7F6435E1F", "FEDORA:EBB026048D2E", "FEDORA:EC9E0604D409", "FEDORA:ED949601E6EB", "FEDORA:F1BAF600CBF3"]}, {"type": "fortinet", "idList": ["FG-IR-16-012", "FG-IR-17-019", "FG-IR-18-002"]}, {"type": "freebsd", "idList": ["1AAAA5C6-804D-11EC-8BE6-D4C9EF517024", "25E0593D-13C0-11E5-9AFB-3C970E169BC2", "3679FD10-C5D1-11E5-B85F-0018FE623F2B", "3BB451FC-DB64-11E7-AC58-B499BAEBFEAF", "3C0237F5-420E-11E7-82C5-14DAE9D210B8", "3F3837CC-48FB-4414-AA46-5B1C23C9FEAE", "521CE804-52FD-11E8-9123-A4BADB2F4699", "6D33B3E5-EA03-11E5-85BE-14DAE9D210B8", "7B1A4A27-600A-11E6-A6C3-14DAE9D210B8", "7B5A8E3B-52CC-11E8-8C7A-9C5C8E75236A", "8719B935-8BAE-41AD-92BA-3C826F651219", "8C2B2F11-0EBE-11E6-B55E-B499BAEBFEAF", "9442A811-DAB3-11E7-B5AF-A4BADB2F4699", "9F7A0F39-DDC0-11E7-B5AF-A4BADB2F4699", "B7CFF5A9-31CC-11E8-8F07-B499BAEBFEAF", "BEA84A7A-E0C9-11E7-B4F3-11BAA0C2DF21", "D455708A-E3D3-11E6-9940-B499BAEBFEAF", "F40F07AA-C00F-11E7-AC58-B499BAEBFEAF"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-16:12.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-17:02.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-17:03.NTP", "FREEBSD_ADVISORY:FREEBSD-SA-17:11.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-17:12.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-18:06.DEBUGREG"]}, {"type": "gentoo", "idList": ["GLSA-201601-05", "GLSA-201603-15", "GLSA-201607-09", "GLSA-201702-07", "GLSA-201706-19", "GLSA-201712-03", "GLSA-201802-04", "GLSA-201803-06", "GLSA-201804-02", "GLSA-201806-01", "GLSA-201810-10", "GLSA-201908-03", "GLSA-201908-10"]}, {"type": "github", "idList": ["GHSA-4C43-CWVX-9CRH", "GHSA-5GGR-MPGW-3MGX", "GHSA-7JW3-5Q4W-89QG", "GHSA-CVVX-R33M-V7PQ", "GHSA-P66X-2CV9-QQ3V", "GHSA-Q446-82VQ-W674"]}, {"type": "githubexploit", "idList": ["4066A0A4-284D-5ECC-A476-ADDA61AF9A76"]}, {"type": "hackerone", "idList": ["H1:113288"]}, {"type": "hp", "idList": ["HP:C05869091", "HP:C06001626"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20170503-01-OPENSSL", "HUAWEI-SA-20180615-01-CPU", "HUAWEI-SA-20181010-01-DEBUG", "HUAWEI-SA-20190123-01-LINUX", "HUAWEI-SA-20190921-01-DEBUG", "HUAWEI-SA-20200115-01-LINUX"]}, {"type": "ibm", "idList": ["002EEB5F5A7739989BC247DF814D8328529073722D1EAF6319232F8412E43B85", "00420FAFAA8875EA075916FF1CAC2CE1CD7DEB3C678E654BFE5E525386DC980C", "00A1D6DC064C47F0E565B412BB43C37877B1ABFDD9F59580D29C57943DC268D8", "00EDB390B75880A879E6A53234E21CB5658CD8C65D3D0DCC9D05D30BF3E32D2E", "01573F47C4FBAFAA208BE5FA3DA4BD3E5117A940DA90963EB2272E60BE0D95E3", "015CED4DD111438880FFDB361B30E09A12892E262FEEA8F7178F7A49BBE7D4D2", "0194CC3AD0882E63750B21484BE25BE0A53CE17F2AD6A4F51CC4B6143D86CC18", "0195EF9270C92B580690607B214E8A9EAB1DF3E5DC94EF6452F5250A541EC1F4", "019F23A3AAFAD4919B6106A6E7DC0182EE72C7EC2EF686F12146B41D4C9DC04A", "019FA75BE486BAE272A3C266F065B913DDCD90A6B3DEE113D7B37C2ED2A9914F", "01B80A8D425AFB413255097CBCA8418F013AC70CED6495B3EC35DCE35716E34E", "01E2355BF547BE81A3CEE9C59A26CBC7893AA5A3C154AC3FC038A2781192AA1B", "0241AD14444530836D909285432DE0EF409B9993A9D61A28514B61A052400B84", "025E2CD6F9F010517E9E17E8AC66A53012D7F2D3765B567272ACF4ED02426647", "029C003CB67044F3CC348D6A07C9A3F2BB425823B0A74538BE89480FE52DC2B2", "0309A53D35EF827194465C9C10BC98B7D4795038C7221686EE2E7A4669562BD7", "0330E0590E15E07306B13AF8814A78EACFC6A68CDA6E4467BF84065FC8ED6C79", "039AC103A5B3C8EC7D2C11AEF8A46F95AD73FFE88CAD74FE5BB29EED8E0EB9F1", "03BBDC7050471C64169EF3EC23FC2B3C55CC822FFA0D98F53466C52354E175A2", "041A9A3C9C85491FBA80F20FDE15BECE6FFE52C088F2ADCE3945F2AE856C2BE8", "0486FF681C1A0961D28244A014A40136703A4267D414B936A2188B5042485FDB", "048AA308C625A32EC6DB549874FC81F6B800BA0EA59A9091A547DCEA6B0243B0", "04A2D8C96A2597640B042A371899D0C3BFBD23E7CE6586C1EAEFBB5A99DD8DA7", "04C02A7E582660CD6B68F6BEB1B2E60BA695D9E162B960484D27A37445B0B16D", "04F731FF1A9FCF7F7388FEFA13C178719DB6D6115FE6CADB144B751FF89B8155", "050C4CD191E772BBB89D37433656A4CF140CE5C30F03D9CE4A5D8081AA772A03", "0587C3ACAB30BC359B7B8C39862E13C4D8B029D3FDCCF48276CCCC0642A5A049", "05E2BFC50A1B5CE146BAE41B0C0E443DE655E2385F174C8FBD8F752C5D1DB10A", "06547872321FA684E7C87A7CFF9923A2461A57C37C09CEC2AAFB645B2D0ED38A", "06852EEA8CD7CA7F8840D2FC93096A4DD156B248C6D17CEEEBA4095B19D215B6", "068E4774F9835C8E080EE324144DDF1D362B4CFF31E92E6F3B859DDEBD2C9E8C", "069F58181471E98C0C6EDE4A21485D35163C973C444F407E9C0B25C289599B53", "06E5DEE82C960C089994B1110D4E9FB01DCBCB8B65F2F9638E495384F011BF0D", "06FAF3AD79C8BAC8455C602C3F4C354C0CD9450DE060FB4D831ED000993782B4", "072EBEFE4EF574F4A87AC95BEA1237C43CF6D39DDD94C6BD9B965A322BB8CD15", "07743EC5FD02BF051179E8EDA780279036C79A04B0366A8C5770487DB031DC54", "0805E7A2C6036D7FEBAF075EE767AB91B73C933992CD43256425DCE028EA66B7", "0849CEF680F68843BB8ED3027181BFC6E58FA418D5C7E4A78DF8C347CCD2AC36", "089455FB91FDFE7E0E828CF6E910A5D0E5BA1A056A27C13F87FC0F4D9B5A116A", "08DAD815998C38E35C2D8FB39A01D6CBC7A1256EE144E21ABCEF848B081F3195", "08ECBCA670F0B3F435801B7A34A3A7C7EF6315794FDF864F61E57E02C2E3EFDD", "08F87025493A104B4091CFF6935DFCE470A9A854FB5B3EC919666B1B704EF052", "08F9691BC937E0FF029D7696F76F6F36E69E64093E5231AAA4F8F7612ED181B5", "0909EF6749E7A2B0F8C767C980DB46802122CBC68A27D0AF5DB477B3E9C77269", "092CAE22FCBC5AEB35A2E7B881CBD0CAC246C8123BAE6E8B15FA08365612387A", "09553830DFA8110107329A5D2F6A66425237D9EBA158441C2A91D99DAF3C6AE9", "0956AFB7DB9AFC641FF0AB7205D6B40304DC321488572F7CDCC5BB67BF55C4C2", "0976C176E97A39F9A89AE40E674AFB87A89A5DB439E2A1C90351D75E792A52BF", "09C0C603EECE682CFFD6D5C27B3EAA66D128B79E9D89A33E4AF2314E9BF9995F", "0A018131C7D1A39C9D2717C5F314BB8222C3AEF81C435194A7607FC0D35BC538", "0A2242182FF9C6E616AD12CDAF12C0AD6141133E4FF262F6CC0FA251C0F7DD9F", "0A3185367C4C819CB6D1F686A54CF066C2C0634F508315519FDBA3FECD7B7689", "0AAF20ABB2C01B7A56038EE3A91075A2F1EEC73B4B0469F83CF3E894D6C4BD7B", "0ACDC7CDDEE06F34F2256DD048A556D53156ACF793ADBE3C9ED53FEEE712EF49", "0AEC3ABCCFB562437ED4141670F5C7C6E096FEFB11D3045A28046C82B784AD9E", "0AEE92C160595E12F2B408379E77249A37C4E9EA4B7846F737A3F51CDD9B5DC3", "0BAE3F39743A07D73D933FC781394D4C201498DFFDE65C7CA1A49531921269DC", "0BB0F39865741AB9E1AFB9CA3C5508F7FB9BEACECB805F04C6C6B336AA66617E", "0BF2FED613277F6CDDDBA8AC10E615B0FC78197B6B2372D3EFAE5800F310F548", "0C0756C600D4B428F9DDC7547681FF909EA01654FA2BE7931EB24F307960FE26", "0C281BB8A8549C9E43C1B2C75F0A42A521A5A648607A4A95488199D58573908C", "0C29FAF85C5EC3892E0C7FC8A3C627A137E252A256F858DFBEEDBE883E306C75", "0C490921FAAC6EC4E424F155DE635CCB712F823D24E202D931D2781660872BF8", "0C55B52A5C32F214BC0363E80618712A46771346F7B2A09C296F9583243EA669", "0C5DA80C20F23A04F5CE9262B64A56D9B4B5120D3CFCF9AB9433D2C6F8CEEB74", "0C9BE2F3A245999460BB6BC497E21EC27992E79FB4C1D769E6D1CF729AB33300", "0CAC6F4414CAC59828DC6497D69E4CBEA3A13AFFD03636CAE9B0C1F00FCEA8FC", "0CB3289D9C4FFFFDAF7DED74E8778A16A4557A21129FB8FA189501E44267B132", "0D7A334726D7F8214BDF965C6B0ED351221CB7A9A083042878EB2C3CB193A50A", "0D95BD029EF7D61B7C200E5DCF5114404F54883607A0E5A132C410EA37160E69", "0DCB9190AD49CA4A44EED134393F472D4D903648111D70599B707F22E81A5F5B", "0DF9253AF727D8388F8FCD3B325345C60991967B703210EE89018A164DCFC156", "0E0A5A7B6700741752FA21EFE9AB43CC6637781C0541DB39566FEB4927470584", "0E6C36AA0AE26A92B3320E10EB0FF0C10724B1CFCCE3BCA426B32FFB32CA660D", "0E703A42B01F9DF3E0FEC04EEA4F7733F5A313C86865501C0F8A79378E425C34", "0E99885794CFEB4EA92D09FA1554D46778136AD4F14F1A4027E56C6509C20B72", "0EE09B7EB7702170D95421E24B37FF3DD1538C056EA0EA2EDFE386FA1CFE89C0", "0F03B5C9C2D06211B67D6937AD3D6F685DB8B1759561725DCC766A603D57FE2E", "0F254BE920E96D803CA1A391E1B8A3B0C658E51C8C31B0AC0F95FEDD45279D52", "0F4490A26A7A5960275AF6437143D350A19CD931C617E64E2575EA3E557FDA61", "0F76E12B5BAAB0162DAE617C343507D017DAEA0A7546017A6DA4F13518778837", "0F8C9B43069C04EF8D42F75FA8D42A5837D2A01F1B45F132DD6CE116C7562B83", "0F8CF64E4BA7E4067B89F12D305CFF6333B55712EB5284D5407CAF33CE61783C", "104BE807C8577FF816DF414B5A588FABB581711BB54758F6F49C7CAC17CD68BE", "107B029DD56A2199A3A87E51461350D452A0422C3E3D25CE9E1B91F71C36131B", "11452E38010E945A0FE01EFC4554F3798D8F99A1582985B386C674085821DFEE", "1183AFE6070A2858FC9AB7F9B6B70C23D07916E7FB1310965184BA33E2071175", "11DEF8012E28C5EDA3144B78EC3E85C89DD7ECD6EA08B7B7DBCE879455FB0241", "11E81EB1E5CBC5601C17BB0C111739EAEC08B28C324C7EB2A55D622BD6C239ED", "120FC7D8C2D6504C05B7406BAA4280E35A324B682513765C374D6393B0000A38", "12160D8B9DA998BD9B96E21D163BC830E6C209BFFCC664A483A9178521D4B6C0", "12334ED70CB67ED545CF9AC3FDCC803635EF82EF4054FEB39612293593F4144D", "12780044E1A62D25F913723FBCBD5B926E91CC9AC8CA8FAA1DCE18D02D152689", "12951A7E180E72D19BFB63FD83A246813285D33333D44D54231357B4F2632B13", "12D1D3B02B9A92584E54702008CF362FF7126D81BEF7414DFD6E675FE28D2487", "12F1CE1C14B7D672AF2B1C7512B6701A153854463DF39928282469070EC71BC9", "133D2E1F625AACE103F22B7B5E3C3339B9F2C53C60EAFEE5F0248F495246C85B", "134D70F38973A4CF5EAF6C19048E39F5CC623F71FC41D9EFB895FD2A8BD2A78F", "140E90DD98ED4CC1A8C413867579B2EF4F8885020D8C9B221D7DC0EFA3D20518", "144E2FDA5818BEDF6E97DA8F56942108258B6778FA9472BE0FB6E286C871A08B", "1455F404660FCFF4574A8636C05189B76DEE7EFC52AAE395C13962E8B14A9830", "145C466A77D0A6FEF80F580454F214D90E288C5C4D499C555463F1B1EA878D02", "14BABD267328B06E348CFC2F5F1D68F37ED19BFED79EE0D26C8A0C92FB7211DB", "14BD749017AE060AED200565ACD17BCB6B9E0E436293E58019C1020150663930", "150C26A4B23CEB9D10D6B5FB3E82060606745E070EDD31CF3D53C5969B98B0BF", "159C34E5AFB6BE1F570922202E0562653C65D24C44D5B08DF0970536EC4F5951", "1611B3A16371ABD579690880348CA8BF6126583139D68F59F396713B6D09BC7D", "163ADF654D1EB625A39EB8DD02A8E4E310051F8FC3D34A39927CF015D71EB809", "16B3DAA9311F18385C330EF6EE8F7F81F1E9F017180F2D1039DA4A521BCFE83E", "16D3A615FE4F0DE2B2888F9DDFD360888D581F752D485F410B6F620F759D6010", "17334E2B2E377127A3DB9D8D2B3D751E05E47C0A957D29E8C9C6DB01E922B894", "1737D1E8527BD0467D4E69C7B3DBF9CDEB79EB39AE77EE9414A0DBD7874F6504", "174F1CB3220ED56F318FA688B5104CC5CCC2107DBECA87BE989ABF3A0091E073", "17AC070B088ED54D1D535E71D0C72253EA0B0CF8E4A85C9FF16B18A1CA043C8E", "1807EADF7EBF2384517F3DB77ADDC9D63E9DD27A36B822C92526AF1341782404", "1815BD265DEB0EE550962E1526DA1FE75BACA3823A20A4BCDA8ED078F9EC9C8D", "182DE32737108E6E71A7CF6A3EA87D20BC83CB1A2868B49F94B14EB72A2F5ACC", "185CA7A92837C359609A198BF638BED42D46EC58A2CC11C01C5142B98CF7B593", "1938EF2B0D71FBAF6AB421D60045D6A4AE007892E15AA17055D456F6A5ADA625", "19663A6693672015D5E48ABEE9A76AB50A1C71EE9CF0548228C739933A353C88", "19836CFD4B17D54261C87EA5080CE00A6A0B8431CD9312140526446DBADCF9AE", "198D093D9C927822E165F6429C838BC5B7134A1851CF1DA1828FA2580300FFCA", "199F635B1B35FFA7628E6AE481F1D2EE89267D425F70ACF7D67C55CB7C35B701", "19F9B2D3F02CD12E95CAA102CAFF73CF1ACA08B82792F23CACA7A607695B6F33", "19FDDC2F74E05C9B42A0381D32E09D70E2D2150176C46C3EC98FC8C0DDA647DC", "1A977E1D46AE4CB4B7068DB341125931FAD75C28D6703503973FFF9BE917887F", "1AA4689F61391429998123661409491C7FFF90C591FBB12E8BE2CA2BE514C7C6", "1ACC694691AB4FD077ABB55D1B77E0177D88CFCAA1356CB1FB77FDDC303FF073", "1AE1A5453DE71F54F721615E0361AC5AFC9F69B537244D4EE71AADDF1666ED92", "1B19D126003141A6A816E9828AE3D1FC31334BB91578DB0151D0E60007766B4B", "1B4FAC1C8F3027D3879002498B1A521DD83409ED113B6CF3482A9DAE63FA20DF", "1BB3E76A9D3BFF47A93C0E8230266D820091FFCEC0B3E126411C6575A9DFD492", "1BB4BBC867EABE0F27416970516A7A37FEA85177C8BAEC5D2FCB7FE4B7E6AF1C", "1BFF63EB8AF39056E08427B06D34E43B32E43FBCC74FB2A85F32E708984FD60F", "1C3B18793ACB5388E3C647E0D111B2CBA7FB3EDD55E25DF15A8B98FC47CA05B3", "1C3E0E986D07CF06CAFEC3891911BB749170BBDDC10CBC3DD5CBBCB8BAAE0A0F", "1CC43C4A66365486759EFB8BF9ACE86934571B8459B6E66D63A5190659B18DB4", "1D17AF388979A4680B7C566D64B28C89A5848CEAA9BD357FA3DB1B666908BC13", "1D6C51DC7D1DD9D1A9F07B9737CE12B7F8F933D3089EBCB68A0BBCF75680D250", "1D76D4E527015AC552E0F1E0165EEE21B6BFD92459CA2D89A23B02948F8C6219", "1E014E7185ECE2676B9171118053A4D1DDB9F759CD3863CCB79D1B3DBD175B95", "1E5AE139B10CF500092EA776D2FBEC36F6F4E6FA4F54A5E7D26647544F0BCEDC", "1E645674D777924BC329B3C0A175ED89181CFB788B28FF3FF2391773A332B20F", "1EAA33360D6A7077DA78A614D83BA795F9BC0FC37BCEE994A81654BB9F3E8CEB", "1EB4C94ED5192A787B590CC4302D443A60AA1648687FC5F70C91C7216427D0D1", "1EBC77DA43FD0C2AC1B3FBFCD06096623AB926F98B7AC6367589E5222F2115BC", "1EC7DCE779D42037743E9BA3FCBE93B8A6E707DC01A8D48B70986DB6438CD86B", "1EC9D814A44355A00FF42F8C8587C9E7C452415354E28A889935185CB4613BD7", "1F6A08C1A5D78FE77D8566232C49557E2537AA33950B848B13B0C343EBCDA602", "1F77C49508A67A8404D8F97FFF5D13FF62F475445679C531C2B06AB744C6BB10", "1FAD09CDE902B31B36598858AFDB778F506C9B4542A05E4DE9B9794DA03A4B0B", "1FB0ED62A8783D5F0F851ACF08997C893E864533D22723692A81BCDFE70E301E", "1FBBD13CDB2B5113B0F6732EA5DC22F780137AFDA75701A47B3377103A9E77BE", "1FDBEC12027C052441E05FC3350A429DBB3A5C9A3D9891A4F100ED317B0CEB5A", "203637A7337D06861774179D4D3518E325B33E9B8CD6DCE1BD240CA49279FE67", "2043A5155256050F160330C3A6F88A4EF47A0C2DE48EA69299E3599EEF5985A0", "20895B7F4EE20D27BA455BF8CEEBC16A47A46F3AE7F323DD812A3BEECC1B20E8", "20C71FD8032A71BEDBB62C86E34053CF87EE9CBCF362998B412753A51A06C872", "2109FD8CED53F2A1B6C1B6353ED39302F68D864AC17515CFAC20B06E5D8FBDC9", "21A7AD719DD13CFAC33065983721DB65123C32733B498EBEF6EE3F60568E2A40", "21C909AA925BE0E93928A0ED421E76EC14F61544DF856B3B672A7C484A22B9C6", "21FB4E6484CD2C557315381AFCF80B167506D975B8CF95E078BEB82443AF7256", "235A36D9CC1BA1B9BEC5F6CAD35060A5EF1602254ADE78302EA78955288ACDFE", "23BA9E1A95485FDA5113C5A985FFBA48AD2E78665BA734F9E465CCC361105BD6", "23E0854DA6601EECDAEE0594F591A86488CF01BE66C9986367D644B338C9D2A6", "23F4B88FE854F6472AF6E49BDCFC4F4C04A4941FED4D1CBE852D4468308A73E7", "23F8C1E67922626C0589CA86ED9B40D441D494E8B56CD8FF4A2EF76F18E6861F", "245F288CE1AFE183BF0ABD6D6278EC4AF845994D09DCF6701FC721B8633CC141", "246AE837C8445AA703779C662133545265398BD5CDE8F38537EFB3C06E7731B9", "249074288E44EAB0AEF0B04EA9A9CE5CD640EC8C6231696652A507E451FAE714", "24CBFF122FF415C5CFDF11F4F1D6A1825BD4AB8E9DEA8F07E2596985E17DE6D2", "2512D59FF30B751C4C9148B35DCDB77335582506FED2848198426D89D81F573B", "251C423177798D75830F3F5802954088E3387B66B51C34FCEA1E4482B6FF4B3F", "253500A7ECE4C3C7EB86EA53BD0907449DEC20A5D3EBC743BC78DE08B7249319", "256AA42A72111F59342A1927ECDC3C9961592C2808AC8DAAF5F645353901A5EF", "2571018C4333BB3F6C19EC9F2B6BB5326A2BDD39E6D8AFC796E89DE41BBABC6B", "2614071BF8D5B0482694D82BE1651280FCE95089D3BF507FE1CD1ED3591D2446", "261B7A08073C892D897B71BBADC0B1029C41F38A71DB3E9F39105D50FFF553A0", "267A117C428BEF698E326F0112B2A246CD0BDBB086C1F9B8740A92F31F4370CD", "26FDEF4686F824A255770B8961AB492AA5E4A9A534F8EC7775C73A50569E127C", "274251E99258A9645E690CE61A163F27CE228E7CDE12E000F53A4CC38F801747", "2748115B8827AEEB9EE4F46184B9E8999C4D22B9C32938C1B0905130332D0FE2", "277DFEABF06486F72335635DBE961995DC591601976D8D5A79AFEDD4E49FC4E0", "2793CE5A824B38FC621F9D0C337542A32DF2A4245387084BD98275F74BBEF6EC", "27E794EC09F00200C27C827EE1EB96DE773D6D40EBA8EA9AF424DCEEEF02185B", "283133FC9542390AE81F9D61070F8955F8D0D0E5CC2DFE4BAE6C0F4E6A296C96", "286378C830B748E29DFAEAB7AC19693EE4565D1CAB6189EAA20A975B835DFAD6", "286787C68D7D1E5DA11E0C4CA3F8AB0318EC73B4F079B533965E2D7FAB4E48D6", "28E683B9E1028822A2C208D0617DA2DE26079DCB38CC45919D696CC7747F906B", "29036B6FEB00571E2FBC00E867150134E5DF9C08AD44F9670B7C8B0109F99570", "291CDEB3B052F83F4CD9EEB51160C0A1976EEA944AD2E7630096F4DA64D82A76", "295EA5BE527E8F62618A2132CBE9218FD53C8296127AD79D1990CC74EDABA99C", "2AD1085FDB0395E5C256FE4D0F4CB2974731A64B2BB5F290682C9F754F8F63BE", "2BB93AE1C7A3B73A6491F3A66D7F39AEF96849CFFB0026B650053C816A375F8C", "2C50142AFAF98D1A6DAAE0DCF60AF9902BA861EACEB35AD2405F8E31A1B54456", "2CA70E872C7C56A23F30D754FBD63C5F3F27210EE8E8208F0D600A2677A13C96", "2D4641FC93F25631B43611B430A358D32F4D1BB80F23C0AEBB133618A3A7D20B", "2DD38E427DB50FDA5C4D07F52BDC62BA35206BA44BC185595E39ACAE88DD41C5", "2DE091CA07117F67C4FD3C61010878CC6DC8E520AC7DB498E6AE9A95138728A3", "2E064CCE4E773F8516DBD01DFC5CDC2BDA4E68E70DE9EEC8A9034E57A9AC79E1", "2E5FBC98B3C629E550C399A69E443EC94829D2F3063DEF6F05348CD44D0F724E", "2E9BC1AFBA9F34E20E313BA5B8B5B6C1AEEC0E8F6EC0B353125AA17460789A62", "2EB239F42D6D7C7FA19DB2D44FE26391F190CD35DED01956174DF034F07EE7DC", "2EB8A3A34F13FAA08E22E3997DB0F3D1575349656D6F141EC72ED1BF89C93546", "2F4353DF684AD6726CB9491220A703D4AD06D4406D7B35BEBCB2D4EE11863E10", "2FA66E4D6EE588D405F97979314F1290BEB4E7B47B99AAC55A22C16EC0E73CA0", "2FDA4798729D99054D99195E15830AB39CD2F277012B44452DE7D7B047CDB4C1", "2FE4CF7BB34784BFF37122F90385AC078B732EBBCE07E752C39D2D7142E14437", "30015D3FC7D21C469D5C563C8EEB6988F26B5F676BFCC6457A944A8011875CA0", "308A05F5B1028A741D58EC30AC13C7A0A2B660380B87E8811177772F0014DA1B", "308C17C0C6FCE405B0E11B61D017D5167AF357A61BC5A5CACF4B9D2A53C4762F", "31066745C5F3A1400280F9DC71A8F83272987B4B260AC9B56A741D16CEE2CC3E", "31163EC63EEB5A0179912A0BC305EF5FCEB5F7D34DA7DEBB412A6F63DD9E8667", "313A00F072320526FFFC01115C5A87DEC8F1D1973172B633553FF56404DB7C22", "314516857AAADB7AA03337006747C8DB9270DE795F0A78FE374851EED826999F", "3165A2AA157F1B9BD1D78DE6275BFF661B98BF29C82399B7216463D7581B8060", "3176BEB400E2C175E450AD83B9D31B64EA774670A435110AC0824BEA48AEFDC4", "3230B5C261EC75BE3334755D51C9AB2E3BF3C718B1D0EB81405BE610E871641B", "32C5F3A427C23B34350EBCA676883F18871AA834AA2E92920588454B1810F4E9", "32DC9F9BA53D9180410966247AFB157F44E51430425A01E300D26CACB70F6F16", "3351913AA6F914F18448443EC647D11C82F5EA5B9063570096C0FD695ACD7A3A", "33E618FFA988ABAF1F8980465E0C050DDAE38F327AE61E58375E39344D009142", "340A46633C57BC64A513C7574F7A78D6AB2EB22FC581AFEB2E64A95AF1A94932", "341A93FC1A45E72ADD48241188A719F3789D0F8084730D93C2ACFB474C42ABB1", "3454AE2A0F482D3BBF0442DBAA0F9C0FEDE2CB65C5692FA45A85B8667EDECD32", "345F51EBDC4B614107E623B2D5435B6EE46DAFBE316CB6F79143A9BB38DCD9B2", "34725BB2BE8B76D39BB78087092AF65E90BA8CE1166FDE6B71B1970D80D31E1A", "34EB1A2ABB852D340BEC67AF21710C6CA41354E6EBA67D52D896FB4AC75A5484", "35606141CD078AA5F2C16D07D6781F5F7CA625C4C3A9CC3298A418072E267FA1", "3574BD593D447E936398677DCE6B2D12A45D284AF684F9746880134D036BECD7", "35774A12657731256610BEB1ACB2AE99C105060354AA560F82DED28AE65A8B24", "3582AA92271267A0985635BDFBC8FC9F24691B1A4D1B420CDED32DF204F71D26", "35E8926C22ED4C3243C1B5C02680DD61921D50FF6BE976433A3D51EB64E6BBB8", "35F12CD04C52D0516D911E24D8A2565EEA93BD02510C2FEB5FDDBAE3F5BC19F1", "360DC7CD246693E2B1DE1202036FEC8857313D282295C1CF5B81C9D2168D8BC5", "3624DDD0AC776E39AF868A639FAB62CC5C98B3186CF78AA2720A05D9C15D3976", "3629E8AE86BD50FD71FE5B9A925D7818A407BFF0801CCC4E3F4432D483E9EBE2", "362CA001FD00553BE7174C03BCCCBF89F5AB1348C42B438F71C6E4CFB81D7E56", "362CACACD7776045B3E9E86EB075DC5529A30525FDC38946CD5F9999C1B4D477", "363661231CDCF5535EBC32F147EBEEC8D838F947C18CFF4C8F592EC472A3B7D6", "3659C340A6D2D7DFF08D42EC9C78072400127719582493159EFEEADEAD1C329E", "366FA55EE0B09B40AABB041DB433F5E49FC0E42F7988440387EBE3EED9DBAE91", "3672170404F5307E55342FF12D5BC161435454EED56F454B31FB530876413785", "3699F8679BBB191A98D9FBCFD8BC4C58C05DF3597BFE29485D69E565EBD20AF0", "36A705DC8B6AC07E5E1B5A8DC14844EA4E83EADB8FEAFAB5BF02844C75250EE3", "36C8876D30B6ACE8A886897CFD69A2205FB314573E45CC13518506C5E99C6764", "36D315B30D18001BF5E84918587F5ADEF4FF51D3849B8D63BA3D394471952BA0", "36D5656B737C49D8FAFDE925D61AE63B48AA8F5E7E1EB36E926568F7A43AA810", "36F644EEAE4513871E9887BA25F3311DD7179E5F76950D932F2F4E3C52D4F660", "374411ADB66A6B6C60B3EE4DE9977ADF2AE7482BB4DDC9927957858BCCD39B02", "376BF79A42FDC2B79EA0ACE3299D7D2BC084C5F6732575256A96FE46F43D836F", "37A985FBDF998EE533DC2E325FF1CE70E846E757283D3AD6AE5821D46AD64C14", "37F93777210D3E697FEE1FFB9F1F24D00587BEB90F69BC2D11101BE949FE12E9", "38162B4ECCE4D535FE8747261E29EBA3B4FF9FC521486A22D001337B310FA4B4", "3851D26A1B7DF88EA8BA11EEB80A7341FC47BF9EE9F99E03682D841ED55868A9", "386212D45D6FE16A001C9C61CDD42F6EB8CCDC69290295BBC8022301F11D2E0D", "38A52946485CDACE22A8567270FB7BCF89D68886DC114C803BECBC70C09308C2", "38CCAB39CAFB6C2CE3724A92B67DF0EB31883A90C9A3CCC11561802DAE51A944", "3950A1BC0426AE4D016159E4D2CAF54A8DB5C777E8AD57B2F2EABA89B5BA76DB", "399718E68B1AC921F1F63310793CB30CE98BCB15C409BBB99985FB5BE97A027F", "39D042F9A19A2385FEA4FB7680160000B13EC9E215824E41A8F99B0886CFB75E", "39D4A3024CD82E0AB1412C8F0B7DE6C9C896CC59E99FBAB7A5A61175586A3211", "39E450D4F111F857D19F138C03812ABD7F598DD51D9F08A4C97B699481E1BA33", "39FB3D1F38AC89BD19681FEACE87FB4DAA9E420720F8827CC4AA35F63756931E", "3B0EC8CDD088964A3568260BC0DA114FABE453382CA58E5E7811E58B5E694027", "3B89A4A548FBB52BBFB9DB182C4EE146D4A3117872EA7C10FB010AAD3109C9D8", "3BCD5903C5FD3F0EA259204F5C879ECAC28CCCC64337C578C347C4FF55C1165C", "3BFC02506D924F46EA7B9C86C9E7F382E6D73A7B3DDA37606C182206F17ACE06", "3C30B0202351194CB5F5A3322891FFBD40CEFB1A0888749D8A360C500C32F1FA", "3C34CA137D675C01FA30FF52E4840DE4F8835BDD73CFE7BE14C18869DE46A7B2", "3C630E87CC8A98E980FC5838CF94096C676B99FA65014F79A0F1057053EEB9E0", "3C81335D3CEB6233E033234534932928C5A26581A9CB6C01E8B261AFA9EB6BDE", "3C85B3C7443FFDE0DF64A3D0D4869686417DA52714135E90BD49D23E0331CD9E", "3CBD6FBCB7B03FFAB2153B88078EBAB1B78B014CC3934D22A7E61CD031EF4C5F", "3CC25C048EFF153229D754CCC6D44E3776394424BB1F44D1F35AEC5747AAB64B", "3CE0DEF06FC9CE41C148F15E374E35024D02AFF49A540400F0AD056CB1C2A1C4", "3CFF13ADA1D4912594BB3AC9D0D9ACB17881A208B1AD8998A1E8BD64DD6C5268", "3D3BF59CC576F554C3F716540167D85670B56CE61C0AA690764AE05CC62E23C5", "3D737E91C4B3785D05EA6B518DF81A98A3D897F7446C9E2969F3A9E22A7F3BF4", "3D807184F41DD4D67FD0AC7FD4DF0820531BD740AACE4FBDB77D054EDC706CD1", "3D8540513E9389E52505EF4CCF99C1FC5DC8928BFA49128170D48087D1264725", "3DAB255772B5C0465CD2A50FC27BF93D482025FE8D7247F3C147E19AC9F9AFD2", "3DAEAEE070F4C1DB7839D49DF91189BB06DA1488E5E4F42B6EFBEAC2B059531E", "3DCB65329F12A675A409FF5460E4F2055ABEC5C568C06CEF5C7FCFF22450E2AD", "3DF4EFFCBD4398CD9D2C6995C59DEC9020B7665B1A75D2B23F0CFA94C34BBB8A", "3E24178C007E709BA47FFA90778DD34D7B8EB78DA65A804C849ACB792DBEEBB8", "3E4520A9DDDBF10F6B94F393C5ACDA44738184D5CB46AB64AABDC963283BECFE", "3E5AA3FA3F4F514CF3AE4C5A54CC56152E9D8AF2CA60643D41FCEBA2C2E4B4E0", "3E8CCF4018DEC5B3180F4ACA8021EB86A466CFBC541C230B457CB84ABE03F881", "3EA2C45E4F9382C2531F88095D1BC135577CA607AD54B9DD5A62C3E8C85EF769", "3EC89BA96EEEC8F416556D1CE3AB9277E84671E4CE4722F415CA06BC301472C9", "3ED9EC3F8407924DA03D3ABC905C0426524C3277480EB60950F0B1E4F641977E", "3EF4121185568F0E49A0F65FED21BEDF349907FA5E733E81B8687447DA47AE3C", "3F1B158BEB2A6498C34BD8E93E24BEE2A0519D45F84E677DB2F96B8A484DAF2C", "3F517C6EB3F580D15A8688927C2FEDE369F340156A939E9A19A6F6469765380E", "3F69F1D0D10816FD8495E0C83E350D2B9E6780C77327A103789FDAA73BA20599", "3F87B04299510DB46305863338E9A0F1914960F422CD52BBCEFC7A8547CEF17D", "3FF8FCFFF09A565008FEE8326F4D0C6F26E88F2E412A67694FA1AB9A832529EC", "40084B7E4E936ACD59354423AC3DB208112A49B2649572D763DB478D90624B11", "401C9EE46967A51D9869C058CA4D773D401CEF59A1AF69ACD5D6A3445BC1622F", "4045CCD240F2B35A8601219CE94DB09C4D73D63425EC22F9B94DF9CFAD2D1890", "40885080258231E0A7E28DEFC76D986683C25D83037A535976E59A3968D5A2CA", "40E960C4B69B3BC0992DCA14B0685310C0D6431B403E0338B65A7084D0D82E69", "410B839E6D329F22F972A8B24709501BCF62488B64922802AB9C6E47B25623D4", "411DE209066A00259E38D292C22264C2EDA3B961B523920D589433F42FB534BC", "418A4C8D1E8F2E8A923DFE2C36570B4A5EF7B515E050C0F19513AF3DAE7D2628", "41CB9666A88AE67D4A0558674B8CFDA62F160B6DDCBA3C10576515447887CF12", "423AFAE9FC7C08F3F5D13BAE5029A5B524704674E8286442D7AAA6868D054858", "426034655AF0D5F05280A267304C0E679654CB9A6C04F18D3667FF8437562EA7", "4279BA42EAEA3C9275FD7E26992F8BF20E317D8667039AE35C9E813DA767DA97", "429FCB8FE560198A63B67FBBB5C3326AB312665DA5A7D7D52D3AFD9DD67FF52A", "42B553A5257DBCE0553E09359217D9B58850595C4F83DD12BEB3762A7D09FF2D", "42BBBE960A40127CD1F28E4F70B45E60D02F09D9D2C3D9498AFCFB37870D928E", "431C8F74E1CA2C9F1B0016CFDB7C5755830DDC1B75D496DEBD2D5140022C7CC5", "432CFD8ACF49DF4442F2A221C9C2DBF70E36DF79F63FE59DD604DAF84CCA414F", "4337F9AE4A5A2285A37D88E12A5DAC941D106D987FD93F7005C756BEB07720F5", "437063148C0599A3C3F1CECB075FB83EAFC46606410F01E39088624674767E08", "4372F4097A742A1A4D3F604F34551B67F343309F00B588092BAFB57F73811181", "43D6A9E05A4CC6A06B189CA54AC124E51768DDF9C5BF0CCD807BBC3420EEFF39", "43D6C2F69BACC643553BCB8943CE09506B5D513BE314B3093934E9025893C9BF", "43DA4697F34CF5D5A6799540E74541895D58CA735AF6018C2189B56DA5C5FD59", "43ECF7C36D1E6DC475530D2CB5DF6E2047C49DC8E177CF79FA363DF0831764BB", "43EF9BC4B1A6B364F17E996DD161926D138459405597DCA8872EA7121211BC66", "43F04716E6B0E2BF698B22EF7A50C437F4D7B8FF87A1F35A7A342FA2BFEC87F6", "440F021094DE35C6A13F9FADEA7C56D6B4093B16EFDEAEC496EC398C5AC7A327", "442C87761311C31D585A27325AC5DDA28E7FA2C4BF9A5D6F3BFCA0011CEF2CD3", "444F37A66B1439774408C55A7653314698A2FD83CFE39018661304845BACFC46", "445B77507FDDB8483E5C698464BFAE18F37DB27F0459963CDA66D6E06C08A892", "4468F3A954041229EA0DFDEC7826E5072D285A00D51D9672AC2384B54FCCA617", "44D8A0FC51B0C6C747F474DC8CA252A3D6259653D4EB49BB9F17531305573733", "453AFD45C0FB61BE3943769FDFFAEE0550DDB1D0D2500D5137B261150F533162", "456C529F31DA6640A3957D0434060FC5A0B534D5248ACDC94996B73B3F544122", "4599CC9BFB88F4FC39276A8CABB721FAE0765199AC66526B71A332F8FAE2A39E", "45ABAD6EFB284B5875E6FF7B36122AFD25BFA3E168329A1F838EB473324A4F60", "45EE862A886525741A09CA53CB36F782AC0F17020C63C71E3DF1B5FD95DE8F34", "4600DBA554745E41F501FBBE617D5F724608BC9E47E4068F06BECF86BAF12804", "4695FA8F517C9073437AB3503CAEBE8F17E0386BCB5FA7CF2B4627643F254646", "46C24A5A224CF79AAA0DD9B56848EC6821AB61B43CC6A01829A66EE91E2561D6", "46D4B9F92B3C18E29E5C7BBEC13D92B5ECA31B1A6E3BE57749375938FC2B3CBC", "470931858A8BD9D9E13E96D18C3E2C11C117B0B7CEBA332522904A90DAA4F57F", "470FB53E20DCF01D3FF4FB7251C5868A5D215FF7480131C88B1F5C06E159D01A", "4743BBB7405930549833124CAFCB4F8210D235C06F94F92FCC643937B91D2503", "47B8DD30E1DAA082C05A1D60F4C6C018A4FE6741AFA0C39A3672352DDBEBEC9F", "4829928E4C7715561CB19AF103394931A0114E34E269A614FDFFC77D2F61D9C7", "482F7518F00298B2B6CC1C78CECF285E10C7778C187F6BEA8CEA0EBE3C7C4709", "48F32F0BE81F12977F3F77EC7A1B784BEEE2CB897C3A11E48967C396BAD27436", "498B9FE0AADA5AD01EAAA1DCB4B16943A2CEE45FD85CD673C7D4B6425E7EFA8C", "49F7F2695F536E0C81AD0E49F0334FC8CDB2358CB33BE11D316E6A55B3719FA2", "4A982423D13FD3C4884D3A9B9F8115B736B4D438E6122A9F2535242FA3EDFAE8", "4AE747DB5489D43007A8E810F6324C1362B13205F1AA6CEEC85C6A37B3823246", "4AFC322228CB46D50636ADD6B5AADB6C4BCDE235A399CB0768E40F64CF7B13F3", "4AFE6CE8CA759A83EBC77112FFC5A16709458542C68FA4217DCFD11E17FAD242", "4B7EBAB09AB01A6A2993819DB2589A79B0751770B2E5A63287320AA02BEF3420", "4BAA7DBBD4B519F5509C540F33D2C614C19A50E6429F416A1527257CB1B7FED5", "4BE7C753CF010891C01A7FCF49ADAAAFB5729B35E5E673178BBC9A1FC2BCBB5D", "4BFE30BDDE08FFC06253F80E424B5B9EC1414B2AB557CDFC42C49CE34AE44C33", "4C1B4BD646183F61E0D853B48D7B2EB19C68FB801B5EF685455E498D532C80B5", "4C800D760232A012AE25AED7F8AFCFF9E3EF3D9D48D3614E764CC6588F221519", "4C98F5463E3FBB67682E7F864F699DD4A99514832D6E44999F6672401F35C8B0", "4D1EEBDB5404AA57249676921BE250DBE3CBACF98A7A821C2EC56A672485F455", "4D4083B3DCF76307CD159ABFA977289BFD623C088D7406C26A2EE54773F4845C", "4DEAC0D874EB78E4A0BD0609EA48BCC7FE2F057132D365B75D09BA7EF3FC65F5", "4E0BEB340489481F7AA46EE15DFF9B390B6A1B6EF74EE5C5ADF2A68A56E38C07", "4E3B1B3FD8D96C587F38B91ADDD56E2309955DC55D7174893660272DD9A6563E", "4E95B5EB959CBE5490B90287812FD445A690A3158E83D37882EADCE4A7BCD44F", "4EDBFDC5FF184436785C1578891AA0B2EE6BF4FB944A333FD931E2871625CD4D", "4F01C0B61707270A1ABDE9AC46E85FB38F93C93876E8F606FD7148EBBAD57C5C", "4F0354316A7130E6686F17EB9BA1F675B6BCD744E26D94011032D2623136D20A", "4F0D086427EF9BEDFF8CD483782F99808694BB4D58146001416265F8130567A2", "4F11DD6523020C1FA257E50F0A4716068E2DCD481F4DADFA60B120A57FED7EDA", "5008BC8EFE434CD73CC857395C02956B88FB167ED7B444254C6E1A3BA346A1D2", "502D73BEF5F7DF49E8EE1D1788E89E357ECAE4B2AE6B53F66AF081D2A311ED4E", "503EC4AA08C4E3F9F50CED9EDFCA26510533FF79DA3DFB2BC8C3BFF7248C164E", "50C63CAB6CE7C82879629075DBEC583B457D2B0B2841FC0D9A8D67A25B64EB25", "50D29823D1F18CC1FB9A002BD0994315DDFA79FE8E446748A193B22689C93A82", "50E6A01BD478DEED9D4635F64814BCBD9DE715353A82634EA217E4D53F3DC5D2", "50F17354A0A89B52C1E061D02F78509C6F34AF2860DC46D6DFC82469E2AB6C29", "51579BA89992D0DA50572CB309B4978B6D8AD5240E2EEE1B504CC84D478BE9FA", "5214260A34ECCA2D36292BFC4C11147683CAC684BD8D0972FA94B6DB1BB05B35", "5248B9256CAD1F8D158CE63A6D338882538AB4CB774063A0FD1F9D65202CEB84", "5276D07236F09D5D4E1A38B4E304BC335E677F2639AAB1A09809E9794F9A17E1", "52A5398094130E1B0A40291225AFDAF806D3B8B80AD7F16F186739DA6E836335", "52CCE9C9DF1CABCE9FBD611F2F7371FCD808107B0670CF19453AF816601CCFDF", "53B17BB6B4108483D36CC58337C4C06C42C2896966B0B6E5073C7D4D83B647F7", "544D090170B9F688E773EF8FC8B1618EED0EE7044F85992CF2BF1A4A2190E145", "54FB6726805D886796865FF32608051BEE914B969DCB3300B1E662574A92A04E", "558CAEFC587BDEF89D8E0C2E6F57061A523DF2D2AF9E361BB2300F4FEB35339D", "55916A93299C26CEFD57EAC9B4B44B5429F1C0F2F4BD066FC478F53F694F6BE0", "55B312F2DF953395E8F31E665185E8F229A2FB4AA7956F73AA21C6BE4D286CF0", "55C6EB16408836E84C4255320770BC4F60934779CE325008D25B4951C20115C1", "55DC949F3DA822F13A2DAA3B5C90F1F6E231493688ACA1A0D271E8FF8029B057", "560B409DDEFB2DD2638B506BBDDE8D0FE455DA5C296A8252E8B5823037364CC4", "5641564DE1A4B9249AC0EED2F265EE204961C428F093EC99321D93DA0AA23C3E", "564B0C92712ABFAA4A166163C3C3E90C2F818E128F44887E3BB0DF5116EC9118", "56CC78C35775BE01C4C9BADAFDF799B350E98CF75CB5957993A02F3027111383", "5711509DD871227FC9F7CD530DA0E06F21DDA1D522E7B1C76AC95D3AD5F6BC07", "578E2A2CF4CADEC08CA16A81653391C4F96C8A20E3B94E9A27048E75ADDA63A1", "57A11B587849D0E11C412236D22F7BCF16F25A1EFBAC8A9A8B6F2723A64C8C41", "57D2B44B0BDBE18665618368148AA52E4651641C5FADC62DDCBB1A51F9CF8997", "58179EFF4F05BE77732AFE9330FEFC7BE5BB64538E25A7895E9B016C03DCA7D1", "58685AAE03A9A9D3682474C02B9A795A70F2D0020AC63FE13D215437D39C3CE4", "58C9C23A20C5D55610ECFF1953DA7C91CDE42118EE0F8DBDBF1D696C4A948D37", "58D992DC5C5FFBF330112FBD83FD93D0D471E71498684C99FEBE67B55EB5A054", "58E33C1549EB4DBC850E6823A153E89AA2B58543688B7109103E107A7E7D2EBE", "591E98996DBAEC8DA2E30D3261AADF9BF750C358714362A5B9B9F30A1AC23AB8", "5921AE7B573463F1C89902D53FDFC518E3B4DDD7D6FAF66D194C0D79D9F77588", "597D87527701B786A682E42DDF2E47761269707632B17C030D7EF1E817438B27", "599A8A2E36D1292ACD394C3442B78D3D323EE6686B7160B972508B995FF5C90E", "59E5F43D34DF262FF15826AFB155ED067BD4917DFF13D2742298B2CA01F4401E", "5A194D6539408892D9ECCD3CD9B4E12014FF563468822B69B25B75C55D4E86B7", "5A23BE34322F36780B2821378B1628B3331997E99E3A9C4B3B0067399EEBC3F5", "5A3DA932C26F9CF8D17B19C1875F653A0891006E087F0D4CB859C81D0D875725", "5A5125564C5E6100B8631DC69D64BB29F15CFE14C3E6A31A6DF6AD6E3808314A", "5AF3B361FB96A8C131A75E653F248F2718053AAE3D89201E702452C44DA2BAB9", "5B0D973A3FED1AF2D6DC61C906D27DFB052F1D42B4263EA8695D5ECC3E5F9F09", "5B1BE418E2831820B0634A19CBD0A643514D93D8C77F89174D56B39131B42CC9", "5B26FD90EB9E8DE2F0D408077305F80DFAAE07C63D10D4B5F66A6C16421AE7DF", "5B36E8E4338E5CD687270951DB2D8FB1AB6009376A24C4CDB391F60D5ADA1259", "5B4178FAC241B34E0ECE6BDD0ADDFE951DF019FE8D8CF3CEFAD6209C0F71C323", "5B4C19B2CA9D2714AEF1546FC810D709406148AD04288568A5EFCF5FDEF9B2D5", "5B61A8C776F5DB5A9AF0C13607CB60BA8EAB34C3208154E6FCEAAD0857CCDCEA", "5B64BCE3EE0E68F7C1E61B0134954FDB115D5AD76AD549C8F967018D7BA777A6", "5B90DBC6B1931AFFD4193FFD091D072FC75CCFD3F30FCD4F2360610AA351D363", "5BA72E3DF4F52C4F4CAA4F86F92A38166E8CAFDAD00AD77270A13ABC5FC4541F", "5BB22F4C1868B556B605FBF0ED749764292E8684376CBBFE3867A8CEF9F34C77", "5C645564CF134B813C19305F61175AEE2FEE5AEE2B4783B5FE0997441BF96E16", "5D08D7A9AEBCFAEE780CBA3B17DEF6F43B11C6C3240A5C8833EE33057CDB3079", "5DB2E519AF6A44986FAE300E5FDDBCEF984C505505D899E05EED5F1A41CC440A", "5DF1DD441A05BCC49D128B3A86617DE71345613946448B1338EF4969D9FC29A7", "5DF5E5A91AA2DB4D0C7031ECD8CC10D347CE2CFE6C74300A891EB1691B2CC8F3", "5E0A7E1FE96B626D7FF1FCFB9653CCF9168905F49084BDA724BA63CDA00E1A85", "5E25019E32387442FCD9EBD9CDFC8F2A22D2B34A0B4F9D2617E49E19A38DDFF0", "5EE17E6FA7B2E867293769D2B457CC1C902CEA1D9C6F97B78C2166BEB5DBD8E2", "5F372B6F223ABF2FD142C3E3D01925FD31F6969DB13DA5F9B4220059E5854A64", "5FBC32666F838852B68EDFAE1E80838131FB36A6D514D59814F0D4F49926D8A4", "5FC14B41F4F0B56664EF9A1F7C711364D3A0344B2A64B89D0CE1213C7B44428D", "600EA5B22FC7BD69617B5E61D7615BE9EF12609D30163BDED4401B10F1C853CB", "611E0D0AE2D7D77CEB7988BD9450C02851C4DD87B9A71AF1DF286B51B81ADFFC", "6143803B3BA40C7530457C980DC767312A530B4633D43773E75FE39165A523D8", "614CE7CE4399E98FF56C09CB880CAFF6CBAB72AD914C112783843787B656D22B", "615E4369D0B07E7BA358AF447BD05A3ACC0720A255109ADB57E2A2080DB3607A", "618977912AAF0DCA5FBB71864A1A9D187CC967B0E0C5867770412440259ACE09", "61D1DDE868ABDB42AFFD2F81616A3DB859203FEA89F76E25CF11A65B8B96FBE4", "620AAAA8D7D0FE3187CDBB17E96CCB75AD90A06BB0CEC0A6F43E8E2CA7E9893F", "621A492536FD0DFBA370A0EA8352863C92C02102E2A7C979D3E6F2DB59F56A53", "62B157899AFDFE3350565CDE520C60FAE6A0521AAFEE76BE82BBF76A02C1B3E6", "6303DBADEE057709C654DF5F5232AAB673061979F73C5434D17C7C2EE4FC8C78", "637F608901EF8B9FD34455682320A8EBC1B665D4F6B5C7F53F3E57AE66C9AAAA", "639EFB1CB00CFB0C68EF1E313371BB869F72178F7BE3310D53BB3C223F2F72B9", "63ACF9BBC292DCDD9F48A9F8F5A37254090D93551737FDE9DA1A7B3D230EC2D4", "63C0560C61FE9A9777F6402C4988E794A31F66C8118AFA944D2596065F5D0454", "63C0B2B3226E3E98449887AA89E81C9B35F422CFE5D67FF9577B4EC869D9F5EB", "63FB87BD963C802AE05248A5B91A820121637B32C6439BE3685C2E1E04098097", "64718A406CCFAE5D2AF591487FDFB0A189E939DF11D8C72E30AAF07C12098478", "64ED9589C1E5946B109687F790BF28B004D107A0751658576B78487573777400", "654F3603785F612FCB89C4655C367EC60F72994A083FCDAAF1A7F63C68137F21", "65C42397FBA72329B29D3F3DA19F17B8C560F1F7315ADE581D61C71B932F91C5", "65DC12D6E8E0D53E6ED0AF1F356647C749F500509AAE6E4435FC95F00517F01C", "6630F4CF8B10B4B1897C49B39E94913B1AB4B8271F7B40E06CDEA3243856D366", "670A4E33560EFE05EB04F9CBE20F136EDE42804FDACA77357EF37D09EF210A97", "67930E747B920B4F41F064A6F116CD8319E454DCBBBB109E204714964CDA9945", "67EAB74129C18C510D45A8BE4796FB10CA7307ED79A3F5B643D86F3CC71C8995", "6858032AD0022691AF88FEDCEF29BB4CEA50172EAD995CAB6463B91C16637C1C", "6858AA6AB748D7D24AD9C700D6A114489550F0609E93B0135254CF98A904CE65", "68710C7D1422E8076FFFEF97AF274F1C068F8CFAE0F3C86E3B98912A66B2C725", "6877A290C4E483A82EA8A166F8741992C1817E945A9A02B43C11E02EC9E3AAFD", "6877B6BEB4849B4B82607B4EC0EE3C311BDAE55AF75B3A502A0407F3A6306AB9", "68C77664327070460B17AF10B5AA600E8E7E2FD783142191F4CB257175711874", "68DBC189ECCF66151D979CE51DD24F6706E1ABC5421889D2F05951A52BC7EF67", "68E7DB3D7E398B2706226213F9B1A94ACD374A065EE9538BCE2CF140B065CB08", "68E9BAAF3EA266235C886E8B0D6BF81B1084BA2216BD2DE0DE75FF3C22A3CE53", "691466DAEE06683E49687F1AD61B1DE274EE44CA9F6E86B9BF8D7D76D6346999", "691EACCFEEA418D05A9DE092C75B17384AFDD5D6F5FC9DDEBEE6BB5ACB471C7C", "6925315278E87FB43413287EF16CEA3071D75C13B8D35A1D7D43F00FD9F6E90C", "69A33AEDBE4E932E5FE8DAF316659D9FD18CE8CB0B9D2C1616F1017A6571BE15", "69C147CB642B39AA3250947FC1868ED542CC9C2C3BED4BA821CAD9BA0F178E84", "6A3D77C5871370931B8EF09D751C43CB7D88D1F4949B0388D3B5C4A8EB90C83D", "6A663A681263595D2882F213BE03BB05AA8F62FFCCF602AF57E6778E2E499DB8", "6A9F30617183D7A0ABB599A05D4D81DEE142C73FB0C46974B6E6FC07D95844B8", "6AB5B24B612744A794E7F28CC88F04C811F4BB9710FE31917EFCB65EDDDF7C9A", "6AB7AED90AA79B194B687085F0CE57C05ECBB69C6A129089690FA117655DC8C6", "6B71E5299C30CC8B6F6A4909DF4AAD8E6260347B9FD2774D1B0BCB521E696872", "6C45A29D024C9D6F0CAB22E79C478F9FCA9379B61519F60C5A7C254D98E20DDE", "6CDA9CBBD4E668C70A53BD4F7D7CDE00CF73C49E1D8C5300C858682BFBB02BCB", "6D1266D7512253D04698EC2DEB85B8BF906B1F2E64F7EABD217D462B19E8EBEC", "6DB274E6F7EB4D6F538135EC07CF4443980A5C2FC8C1652E16833E39D5F430D2", "6DDAC3C323EE630ABB546DEB24E192BEA5537588E8C2243EF23F77D1F7FD1AA0", "6E8AA7DB116D9A386BBD74DD92885FB79C7B6627B795BAD705B60A761B85D327", "6F2C088BF5D78FB804760981ACFE38C9CC104BC5F9390812E5D324682512AD45", "6F8D80B13301448C85C74C8A2C427E27F46F87CB1E489395B73A87EFC4FF7160", "702CCFDB421DD774CE616956D8E276B5B59CD79B66C5263593EAC3AD911B7900", "704897FEF5CE3D4AA35FF51AE237FF23A83A38E10F9597332BAF89DF648929A5", "70A2CBF98125BEEE9B6FA45636E2C3D920B9596464E0E4188995EBFFB8348ADC", "70B7739033C3AECE16A69259B7099A51CDE995000F025772BE88BAEF50611598", "70D8566E5246B3550B562DC69BD9E44914B7C5D0DCD3C21264DA9CD5683C56E6", "710FF5E1CB4D611BE20AFA763A2E55BD61CA0C044D0A9E4193229B1B1B213877", "71A0E260D835E4FB784163408D486ADEA9933D2BF29E0D594920C0DE72D440F2", "71A473993D401FAFDA20A063C958EB3785E06B0F2833BBEB5FA0B1E2E3123139", "732078ACDC6764E165D318761AB2A077ED1DD347047F72351BAA5F9FD5BAD43E", "73288A84B49A641505C576DEDC995F44E69001C227078E86112664767072BDA2", "7334315670DD2CB11A3544BF6ADDF33C038F5FDC7174D76FDA618631B3F74B69", "734FDE9A6D820A5332D7EEFB5A4C4F802ED630CF06944C3F401C528C04ACB9F8", "73613052C113EE53CC4E1916471E2FCF495F0A7CAD286D9F9DD528B4EA3EB491", "7367DC4E851C441158B6D03385B8816CAA6070D68ECB06687B1E668E37BB0C39", "73A4E74D4C42B6050D535B368ACF1258DE6B4062962BECFDF4315D89AF7480F7", "73AC0A21A1C1C6C3987AD6559B838B31C02E7FC2112C00D32E18ABA3B130AC8F", "74157F70C55D5699B45F201DD61EDF5C806443EF31D766424E8A6EA6B97CD461", "741612F3AECC80521E78432A56565682CCDB1DB3C10D4385E8F9385A93F02D66", "750AF6432F6476D75E53148C1320B292C1009046C8733595D70EB7AB5F389E6D", "7545FC6960BC08536BD63AD777890D26CE8FBACF18C55DCC74C636085DAC612B", "7560D437DD0C0AD308430AD43B3F94576F228230126D44A08B79DFF991CA82E0", "757B616252D9C5ECF905DFAC8032FBD7AB4A8DAEFD48C0BADFE2734A2E87D1AE", "758B7885C4546A819DA2ED0A4B24907EC9FC839D6B58E3B0E48C50FA44C37345", "7622DAE97F6786E7C79F60BC62B9993720B5758BFB61437DDD6E0A3A04FBB621", "762FDA10CF603CB5AA2ABAED2D1D37CE675376639C5F57375F75138F0CBC6C79", "76415522829E96D2199B1D5D63817545B42CAE7C008B9902D48D11CAEE020C66", "765EE754DDB2AFC25A4F81B453619E8DE782835F4B2ACED4DF8CE43B5D4C10B8", "76AC6DEC247D90003449FE82EC111470834734289D461C4EA514FF0F801A5EFF", "76D2FB745B2B59BB95F9DB0832878979E2F5CF5B7702FBB0C2AAE148D0F2C57D", "76ED8A969B89E917406E6428B20653B4CA4683B94EF0C818185ED8F868517B34", "76FA12A14D94277858DB1075CD6A9F1E4AAF161AEC3B71FC67679D638C279BD5", "774E529F1CEB73A24DBF6DF8AB48E58FA90E77E5C6F1D88214997D9283C7C4BB", "77C6BF921A5EE4D83AAD3E81B0714C7F02AA72F5A80BC01802CC6F1440DE7948", "77DA9A466A7C42373FF7E0F4EB5E62474CCAD685AD37FE9457EFB7AD15F923AD", "7895B724F1680970496AF062C19684814ADE3581FD77EA5ADDDB469DE5DB3834", "78A1AA578EAB987C7FC66FB0EFA51C387F3345AC899359095B82B610B2932155", "78B5CDD949B0594AC0F181656CB6536E0B075D4B064576C915C9BFAF10028314", "78F585E499684A44D21982BB07C498E010C527FBE1866DD676965E7AAD25664A", "790AEE8158E5072311EE0B1D8C1CACC2CAE27CA8C7B75F39AD990B40790CFB8C", "7911EC80C28F7BE157F66EC6B3E35B2999E41F97F4299CD83723DE004A5C5CC2", "79211DB0D4922EF5411F594D282A4AC734904DF0EE0D8FAD7FAD5FD2602AF8DC", "792281EDAE598F9BD5CFF8654A4B0CA05F1A44F2380D7DE34DBDFB2038BF2404", "79316DFB7D2A1A5938133AC6C009E21454C138AD7AF996976083DF3725FE697A", "7961F87E0E8F84C55851503D0689DDFA80F593CC6B23B74D2DB8021FD4DD9677", "796C7BD66203703C25293085A64D664CE24B1331ED4007E91E708A8FF31868AB", "796F2C51B8319B8F5B27C4E255E73CC0426625F1153FF80E70B99CD9664E6699", "7995C63D3451A7C3D84F616783736F8B888530FC2843FD646CEBBD9728452806", "79AB35979F86FA676B83781C896C314A5737A2F8FC5AF417AC6E9175207D4582", "79C9308A38227EABEE316B0407CBC46021561F829AEBF9659F93085D4FC63547", "7A11753B338C15D55DF3A1597718181B984266B89FF9EDD1CD2752B056D40E36", "7A806C29DA101B1A9614FB114759A0C68BE33D8346321221ABBB6A0A5E0659CC", "7A811732B34C1BAA3F2209EA69EE01FCACF762E53C22EAE8A8FB7A45B4E7164D", "7AE0AD6D1DAB3FC37214E1A0FCAC4D74DD7278E9BEEC70EEF549EC606CF6A798", "7AEFC9814578EA5DC2EFFAE9F289D2307A840D9868EE8B6CED3F1E668F7010FC", "7B815188E16C52B322DD4246EBAB0FC7BA3EDE14D3D566E6B024A1EA3CA43349", "7BB3B13ED998CBA6BA07BEEC944B8CFF6DAC92CCEF1D7F6E64E9E8CF3D77AA15", "7BD03C97D3450FEAE4EB4F8F33140691B9F85B4915C83AFD5212FE881A12ADDA", "7BE38BC9D9063F34BE9B8AEC73F5518E1D7B0EC8F35109DB2E64EBA48061A6DB", "7C036BF77327D3E6C047144AB3972D81892E537DECEAE5F85E24B96C2ADE9094", "7C371350C79C6F7596054D8B19A4BAAD069A8ADE699FB847B44E70E03F3D6988", "7C51FF092E4C45F21CDC251F9A0E5D39CD4453077F324B214BB91EC1847F4DA5", "7C630DEEF9C025461097DE30AF143B45E948D8E848AEF027D365F38629529B0E", "7C70B20072182DE266086A52683ECCD0EE4986758F74511D207FD42EF5E5F0F9", "7CF53FE09C7D25161BFAD59060E2F4269BC90C0B892337805721A0FE0A9BDA22", "7D00C48F10894622185C4C42D5A6310A3C85BC93DE80DAF5D382C1114434ACC7", "7D46658778E442AD0D43B74E767B5638C73A3147A2AD662C6A1BAB31343A96D2", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E4E851053AF5C2BFADF66AC8494971BF986538EB9E1BEE4C5D8B83D2DB1BBB0", "7FE72ED4C858FD4F010CC95764D03AAC86CD4C73FE6C4B388FE981C9E76DD0F6", "7FFE40F5B633426C3CBE846BB8D9B337775862E9805318C0DF7E41BB416FD4C0", "80489411CAB04FBDC8043529670BEC2C45004C175864AC8845B7DAE26D981661", "80552BF7C2306BAADE213DD9BB061300AB37A69D1C5F3B5D7A4398299B8AE6FF", "805F398ACAA1D762CBD1274F2D4D60F5556456BDCF3CB982B1D1AE756AAB63C3", "80731207100F162463213408865934074FB6F90A02899CDDF26F0A28EBFC1578", "80B453AE505CC102E347D060DD017A64258D86E11FE0054B8137457109AF54FB", "81B10D91CFD24D8AD32045EA37C1C70BA487C10114897C13A7FB18E062EF31A4", "820B1DD869225ABFDEEE5645C1D3A0F396BA3FC9E77C88E3D91F1C4FC0D9B8E3", "8215E02FB88590F4B93468E9B3C6A2785DF30F06545A788005F8AA267BB66470", "82F6E09FA31D9A8E5DDDC59AC1C32205529AC480EBA906520A4760D1736A4362", "82FDC3DA86D65A4077A1C04DD55BE0800DE506A652C32E1143E93DFFABC0043B", "8325E2E8632F22E10CD653162D8EFC2BD56BD809EC2298B08EF585D287E1CFA8", "833F038EA012E49B66C7277D852FF3F66AD99AE6B1EB2CEAA9282B73DC14C605", "836A27F9743ED684678C788BE796BE2342849FC1BFEA83E325CC8E33CE61FAE4", "839F371B87C6C1B7E2DCD5C3A8BD19F178D93671B15DBD8A4ECC452EA553DF43", "83B53506562CBF4BC038C2AD61252657D2E636B6245E599AFEFEB3EB3FCFBF2B", "8429140B2ECE4395F113F2220AAFA30AA5A6BAA3C97CF6BAB2ECDBC315BC0789", "84519CF7C0BC0BBF920A3B4993A25CB95A81E31AB442E7DBDE6518F330A967A1", "8451DCEAC7362310C8EAA923574AFEAD09CA58D139A870AE0ED1E3D11764573B", "84A94BE304846AEE39BE41ECC9CD93CE498CCDE620677470F14A00F848C825B5", "84E2ED41B3A93A8F424B262E6B39589E11CB2F5EB34E5DC15826632E896C5A91", "851927E9A914702A95EEA9454001ADE50D174413B1489EE879B6F7BC31E5784D", "853CEBE4F06FD3A5C0463E8330A070AE32FCC86552F66DF27BFA39F37FB08C35", "8585A81D2C6357431DB37ADDF4189DBBFAC913BE555A9B6483BF16E8E8705C85", "8585F927BD0C07D6190320B930661656BA9F41A82E8C287DF2F865DB1DD4A1DE", "858D0D998DE9CCC21C74DA9438BC40E1E5DE13790EC10F9280C890FB222AD7EA", "85A2075A0F41DB332B46E707333DDF10CF16CF22EBEE59284B70D4D58A5E7D8A", "85C244F40F078C64D61F63F2C6CB1A6851B539CC7B4530BE8884CFAD733EEA2C", "85C3B2D04CE2F594D0E589C41E142F3F1AEAE7608B5954333FC0D8C3DFAFCC37", "8649193431A71228BC32B0BD78D31629CEE17377E0FEA3B72BFEBEC9E8B5F648", "867D9ECEAB40B111EE25A99AD07419623F566D5212284F0A2C5C9E2D13C72DF2", "86B4E58A1C89C33D4BDC1FA672CFDCEA2C02B7EEBB7CDDE06B9193EAC8D0B7CD", "872675AF82ACDAC1F7258F099A712A59592C093E05C6D677D20EDEF5FDEFCC7A", "873027C90666B31B2B861C12FBC21902D0603FDFA39159346F0392F7B92BC8EA", "8731F85B75BA77CC3784CD784E98484D53CD189EA60F1F57A3A4EE351FF62B39", "8746750F3AD0F0BC9622A666856A176609E9CA437C50C11E1F497B64848858A6", "8759A08F8DCE05EB5B0136A785BCAFCDBFE613A7D435C0FA20FDB4424A7CAC70", "87B26C2B63AF8A971A79B4CB2207EC51AF74A57FD839002466AFD594F7918F65", "880C8CCFEF3637D915CD2A945EAB6F29F1CFADA9041654A93101F51058EC852E", "88D4396F5AFD082566BDD5FF95312101BB6F94623E716D993F113380B02DC7D4", "88DB109D85DEEA4A0B517A3CABF8FBBAC181B5D301BBCBD0EA7DB86C6BAE85C5", "88E396C29AABC664ACC3D5B0A3797EDDA0587772D5D9F452A2E356E7CC5BCD5D", "88E78C162C87E46AC4B2CC4D6F5E6676E68218C6F5EF58D37F1A1CCF22E70C41", "890628A575E88DA559CB7D8A6C87F7320A032F4AE381570BB13B56E6A2163D7F", "894F89CC3B07BA9115ABB430A1A8243C856F90F0847CE571F11DF1B1D0EA6024", "89680C8187B72629A49F5B9DB6180EF763F550009996675B378E43536DA36915", "8A273EC5B4E0D267BF1325C598530568659C444C274158543E88B980E7356184", "8A3C4FBF20635DD01A5B58269ABD76FF6451A13FCBB437C76C92D2484A5C9ECA", "8A4B8F016E20BE062D275D1D7DA531E398846FA5F653F9077E943F8758AD58E1", "8A621D7EC29CDC30D62E006392BDC867B806D0CB2AC163E36A955BF3F53C7DDA", "8AD3371B44D7ADBB4D07C11C71F4D7936BA847B275560A957AE1E42342ED2618", "8AECCBE0CD244EF2C1818D4560A2112EBDDE17CF922BC7869D4367156735AD72", "8B2F146E8C127785ED0C10AFD9005AB9B4F19514EFA350E8732DD44E6A768E9B", "8B54C1BD02DE3FFA332464B98F214639ACC595F7D95D9DF601239E8405E3579F", "8B65B2D389AC6D4B8DDABDC2C07AD570BA3BE907EA6FA4F956423A3FB683FF0C", "8BAB08C195BD6735BA71DF7C8BB53B789422E8915269613341EC34DCAA7391C9", "8BCBD94EDB7DB8E7DB4FCA2F5258772F755CFE8F36B82BB312D2E119D0C55278", "8C13A93038AC136772B2598C633467116BF44538BBB507D836B65485D5AA47D7", "8C148980AC69471DEDFB6A46D2B0CD762634E194E46EBAF4E3291DDB3B89C7A3", "8C5F9E00411BC48544E09C07DE0A9332CE9F2162272F1C9EE415D926FE3F077D", "8CE12C442BC8EB19D945F4B8B9BD0C78A688BD7889EB59D339D4C9320288F98D", "8D5E2B88D45BBC51C1E874562BD7CA1C628FF6220F99BFFAE4FD6ECD4E193CA0", "8DC4BC14CB11B8A530C1F8F3DAB35BF9C4512CB51E3B2DBBACDA335B0923BEA8", "8E0AAF010EBF37D1F163FC08D65BD399EDDBF518CA20FD163ECA87BBC1970535", "8E4DBE94121ABE32EB52144CFDD57FDF0D6884516B0DEA8E9B75FEDC0CA31C5C", "8EB2C9E7DB5013AD05B30490E2989C17EE64FBE9B0024B1E76805B1F1B95B816", "8EFB8A654D3536DD4481500A7680D75E0B2A04D2F63C829CAE130B12A35D7ED3", "8F4029FB0B0C6E34F6BAD16EE200556C2891A6014844C1E68BCD0D835F748089", "8F771C1B03F309F552230FCF042B549ADB2FE67E37C0688ACFB548541496FA72", "8F879C06D40BC6329D80ABEDCA5D3CC554195FEF26DACD9AA387DFFD5A8AC21F", "900C0C5FA596BF6865133CB9A30158FC9F15E5510D3A1E1A7F4CEB6F509ACF07", "9071A116E86B1C667F14BD5B842330C2BF93ED1CDC0752CD908C4FBFD1667205", "90AFBF384AE91670CCCD400515C6DA1B04E592E2A5299BD6DFC92E3B28445888", "90B72607FC15B1F844110A335A4487D01DE26FAD2616B7249AA74D1FB329DBF6", "9180198017E53C3ABE300BED146F25E3DDEE3F2933FD128F75729D691DFE41B1", "91C2C4E11969518B70A8C8F53536E1FA71DEC6EC24848AC3C98F5843AFBFD45E", "91C97B22F80A940356E2E462E5451EF9CE2AE0198A3D31EB663A8C2AA643B69E", "9214CE38F1DD3B6CCA3C0A0D3903A565EF865C916F6409B27D0CB5862470E985", "9219C124B39E6D8D77D8BF65C94BCC257D2F8565063C09CF1BBCC841B2DED0FC", "9236C16A24BA84E07FA1B5FE61AB69610142241A7BE4E44680058F24F4687159", "92382FB59C0596112071B1E03C04FC788E98F70FDDEA35D528CAC611A1BC3B6F", "926CD83AAB7DA7EA60F3ED2C60C4D2004D06E2189562B75111B63EE52FE070C2", "927574043636074428D17160336994740F88B51BFB550D862B468C577DFD1F71", "928074C54D11212610E49ED189FC8D5A80197B56A5E700A8D2EF896341C961F2", "92827765BCDEF59BE17E0CCD68621CB1F5C8F19FCA6E6A9EE5B3968572F27BAE", "9287DC96C9B40D0A7179453A5EC2D0BE55F127E7E426072F9E2EA5EEE0F66E7E", "92C616799A38917F3F1C44962428D315FC07EA3A8878B8244D3CC7AA47835556", "939CF579A3478DA004C0DC63764E80A5A7E567E4CDC2FE8D1D3D9C5336892035", "93D065C5537EE88CB4202A0816F541E577239278B75B1A2CADBB5860B5CAEB59", "93E6CE7CDF725BED97B1AAC0994B1F9EFD356E5E2E4CC74453BD85130A91F506", "941D36126C161E897EEE14AB02093B1D10BD12EBC7A865F0B3C3255209B0E770", "9424FF0DCA24FD80FCCBB2849930FED486938EAE9D047B732042EC111254EB58", "94BC54BD6D495FCA60B892AEADD44234672BBAE7600E12F0E4C4340ACC5B17DC", "9591D54BD9EB2696D4477536CAA21D51DDCBFE05904BF71699AB83EAC3BCE37C", "96172B0289A3157617DE620C9610D6DE694BCA12DD20D67BEB2C4BE5720F1E6F", "963D20C2EC030B493208E1FF91F23A1446CBD063F7C0A209E567CA1EB76C8448", "96539A35B42B77FDA9229502272A8919C72C93BF7DE16900CECB40C1DF7D5A4B", "96E4D95F15652DD6FBDFAE305505663BA2700F82CB47BFE477129F5E3D0B258D", "970FDDCE850E0E2FE3639BBF29E02DA879EC48839EDFCB87B3C50CFDF9341157", "972701C7DC1452FBCF01B7BFE4A7289076C9DC38C28E80665321248205EAAF12", "9765CC2CD4E8CF43C86EE7859F7012EB2A38E6A4A80E55865CD6E4E883D3188A", "97C2B9A2D59CD6A65D12AE8F202F45965EF49518D47777F8C390678C4482E7EB", "97CD369EB3BCCC1F7A3B67233E2738504AF5A0BF28934C3143213BC44F6DEDFB", "9872D764206750F6FD9C7F555D6B4C23926B755B4AE368CDD8485546CDEBC462", "98C2299E82C81E1CC3EFB8629E8262393014376C64F3F09018090397A1EA00AE", "99B0D510DA64E0ED9DEF1BBC23744F97A1E9BC7736AC180AA9AB508DBFA55A4A", "99D003017B71F5B75E9C95B642A3DAAE40B18DC20129E9E9FCED6FC086965F81", "9A0E7A3EF7BA908A6EE44D54E95A2216ECAEB5DB8CF2A7AEDF18C8FD6A33DC54", "9A88F4139EF1E18A65A8ADF6C7D03EDB323B77B07792FE8E32EAABA7D0EA7E35", "9AB197C5325BE0D97455A820FF13E9BC3274B5AC4ED78089D1E8A5D436FEE3B8", "9B29E95933D7FC3EBCF270BA84DE60106B20376EEAFD5D4DF4DCD949178CB0AB", "9BFD97D0B2FA510A1941EEFCA94B44E28E120135826959B420897ACFF641F28F", "9C1D1FE90E2F187821C270EFC3B5F3A57AF88428D8DB76F072CD050048739C9F", "9C6F1EFD064B98941F8B42A32A91BAB15206AC55CF09BF3BAAA5925A1B9B55C9", "9CC98367A213309185EDA7DC75FCDBBA5D5754142F33E0C8ED1B454D10CF416E", "9CCEB90B89301ED91DF7A501EF3103FD54D3AD611D342CF6E4B19E5105E84E35", "9D892AD714895E9B8DA3E59547784D03B32EADD3AC421AB0003E3191C1AE27AD", "9DA73CC5147E701B533652A0068B4E2BFE81B34DBA8031F8DAC5CABDC89C081A", "9DB2AD35AE670630C0CD7CEC01117F187DD05A689C4C794782D68919FCF1046D", "9DDD0F190508F2E7A5678CB2D1EED7DBB6DDCF4E86557DF2759A163E2BE27792", "9E1596BF3E1DC037215E2350FDB81881EDCE2CFB3D25FF3758DFC8E32A9F7CD9", "9E1C120D680174B941C37E7C368CEABD57B75C199EEE0AB8754036EE68F429F4", "9E3B1F6158EF5703EF54F7C3064A7EB99BF9523B8A6CCF05475346791179C879", "9E53A4688A7303B0B9F4CB55AB10948257FC5A05A86EAEF25FEFEE9C24726842", "9E784F7DA3AC45712A757C2895CAB2ED940DFE2C11EA30A202F0A84AEFBDEBC5", "9EE2A2A76244AB36DD57115A1BA2CE358055D10D9DD6C1C5DC6DB4586793C9AB", "9F3A4D3D3968D6B816E9E228C328435F5647C85E34542030CA1FA338A0D0E13C", "A04FE2EEFC21C3A9305B1CF7463C731D28C17EB5521A8E54F5F564939C5E91E2", "A061041B46187FCFEBBFB87034130DA72B29436DCFD2D239C3A2AA980AFAA845", "A07AC2557CB22F1AD81AFEA67E4FC50393FFA7F6E3BD50A79847D93E26932D60", "A09274BA1A31537EA391724E8C52797113E094AE9E4EAA66FB5A50D995921587", "A0B8D53AF066307D9450C78E32E16672B7EB98C4F5EA3955033F6BDEB182BCAB", "A10131AF2A1C92FBCA95D8CD6AD1DED5E4C1B28CA16592953EFF35B79B9C96BF", "A10E7A45BAB7A017FB419F00D57064F9A2482F36ECDBC49D11E209F1CC8D8A4C", "A1147280D91C0EEC561295F1E507A50465B253A0CFCE929264405353E6651D70", "A117FD05762925D936B7D3C2CDFC14E84E601A00B488EED04331F22B9C452C5F", "A1C2FDDC97DA92C8D640554CB425464BADB8BA0B83C879D3365DD5825F6042AA", "A1CC6562C17E5EC673E948D2A2BDC81B95358B992FF6307244AB513E68831007", "A2517EC145D95278A8866855009EC2BCF9A702C6A9E1E46B6A3EC8B8660ED5CE", "A2D99883140C7F5EE9B1EBEAE7F0540992E04F6263F481DB5289C6F803CF9EC4", "A300040A976BD903CB98034503A98B3DF43F2D294FC41B6768B774085FE1C2DF", "A38279E551792BA29F1FA34034CD64E94266819C4862EDC7B206E7A748D269FD", "A39D3540C104225AAD66C6616BA877D22932164D44D0EF358E4EB165D80277DF", "A3EF30F3955AAED701BF16ABF8B0431F9C71951ABDCCC4904BB0F9587583D895", "A3F81D2285DF9221924E5104EFB0F98FF72F9D472D339274BDE26E31B0BB2B18", "A4167E89DAF98623836F64826EDC7413C8B06B29A2E76A886419750438EAEA04", "A466FD9BA194DEBBB31B5F86D96ACC834DB8D8411ED91AEC295D80AEA1AB2E26", "A49F8E92510CDD96D8127764BC310529CF44A60596DB14352FF329575652A707", "A4F4814249EEB83740798D9C7C6BB871AF558EC463C3BB8196084A33B32762E8", "A4FDFC527D8A765D6247DDB806EE98612DA0FE7BCB4E133A742D7FA9A06E39DC", "A5BC11051F1181EB8F4DD5FB694DF480D0AA76BB5518840E514F5745714D64A4", "A5C2438D486259D32A3967E8589E3E2A403E7300E57638EA20ABAFC4CDCF7765", "A5EEA86379F5C7D3A1EE992802D0C7939167C5B685ED9FCA507342C3FDF2C7D8", "A5FAFCA4BF3699F5B54B276DF6FF0AA0ED779D062A51E0CCCA6B25591EEE0524", "A61A7C03600BAEEA25554A618B0BBFBD3F094977AC0AA1CBB6157F65B3293484", "A671867F3CBB422EE62BE00E2D282D76AEA93D06B31D0A1F67C0D9916D0BE505", "A680EBFDC4DCE13AE27B0B462408F852FC2F9FDE5F7B3153436202A9BE47844F", "A71AFA4E20A54B2503C4A5DE40ED960DD9AFC34A35D94A0AF40474FE8CB4047A", "A758A1B10E085A8CCD4CD2CBBF9F9F41944540C517465DB005FDFD0DC4569590", "A78040AE5CC586449162ADC8068F3B4D767037DFE1D376F0562F9B1D726E247B", "A7B2D28F1E3492E411A234E996E861936D426FE8647F79D09D85E4989FFB0C19", "A7FA78453E195912E6E00177F5DEA438F5180FF8434F182B2A52925D99FC4649", "A820AF501EAA723EE0489D80157784B8643DF089A50C2810F96ED3148B400503", "A940972EE8C6FDFEAA789156E684C0D5729686CEDFD51FCF6C875BE8FF25FBF6", "A965468AD7FD6E0FC84AAD8198928B8ABF25FC38D0638161A79D59279C9E678D", "A9B608450EE2B2505174F8F497D891A822A15EB84A1C302BA28DE13FA45B34D4", "AA11CFAB9941C6333AF034D50758033CEAE656316109646FCB6E944E89E4EBBF", "AA3557CB3BAF6A7C4A98FAF61BE903F239DC3CA364AC1F9649F19AD10CF2DCBA", "AAB33C4DC6D01DC6360C3582A5270A96DD859F1E3987D967D76BD4A5769A09CB", "AAC5884285F652148280915B34EFB197A86E311F7A92CD8646BA70EB843ACCCD", "AAE50909D8058934D5CCB989B4CEA17B72CABD2BC4CF08576581EC909FE087A7", "AB3CA21C19D0DE60DEA591306FDC61CE354935FFE8E2AD25CA3F6A7797286BD8", "AB3D3B82371FE89FB5F604538E155E6BAE61A878FEC808C8982DBBF409E88F54", "AB6317658BB61B88CBF0BD8E3C85FF773A1AC7618F42E1194BD4B2750BB8BCFE", "AB7C7549C766E512A04307E28B24810554C55468A51111EA59F757952A32143E", "AB9BF82645A26195B7E3A2A88C35E5D4BA1E45784589233A145CB109453CED5E", "ABCCAF0B5CA6E3BFA51CA38E50C57E88B8FF461AF2BA9174416F3B345A55C6B8", "ABF8825C48969D423E885B7CCB57BDB86E27F87DD082837A7884ABA77320FDB1", "AC064705FA24E2BBDFBF06DC9EF0885F816F4E6EADDA86058810D3B27D8E9A84", "AC5DE01326AFA37CBA7F799502684F57AF3D9271EC49734648DB7797522AF2E8", "ACB1BEB9F23F8E2951B24CB2F49DBE6E43DA9F3C9311028237E3DCFF917143EE", "ACF676405BBB5AE27485D9F48AD72AC6E8FE2D60EE0D4B0D45374459BCE07DA3", "AD3469DA57D69E22249D4C5E144BB27FBE29D231F93EA58BD0AC4B908B598629", "AD4ECEAE4A1A859F7973542989D756EF157892493578480BA674AEFB27995763", "ADC76D1D1B983CF8B7637D2924D9901359BE3828DB268B50A10B9AEBC7DD04C0", "ADD0F839178755FA4DD912718C067188513D949DB4F98877C9A6309ED84FA4C9", "AE1071F674A8CA0407E65154FA17954DDDEFA42B2FE2855E6836D4B9A85A888D", "AE5CAFA00F24B40204B6CAFABBC12F8B52FE90963EFCFFDA3B199834FA10CA6C", "AED01AE411153EF61F18A5379A53E9FF22A1966A07D8367620044DFB22FE9466", "AF5AF2A578A7118F2477417E83C253B847D9473AB4D5335D10C898EEA7AE242B", "AF9DB0439D110F652A027B6F18E95DF66F97E9C31482C2B607F9689B0C161D83", "AFC4C2450EAD0E772356BE406F90FE16886049E52293B6EA4C32C86507ED4FD7", "AFFB8AFABDDD081CEAC397241D3C1451E9FB874F8ECFE541E10D86D499996547", "AFFC7C2B1ABE9852D258219A53CFB1F17D149F2B1D35A4D17CD1C5151D6E156C", "AFFD92BCC12500CEBD2822FB64DCF1EF589EA350A991DE5C09421D24BFAFD713", "B0A86AE748A5FEB5B28098C199E3AE109F5F415CD018723CC5E174C68579E28F", "B0BCC0CF14798ECA406449BF598FEC271C30138FB850C1EAAD250F2DAA62E933", "B0EB6605C4CC12D6E8D36185E6ED609865C93114FCB684DE73EB6BEB035D90DB", "B0ED0D04FEC73A0B0845B961BA35881F186789F8B230B6093E23AC1722054473", "B112C9607CBD35998B2830CA02C7C8517B31FED66C516BE791DE3D1647980CB8", "B11B7A56613A282C3F027A9E706E562C6C41E4A7E49FF07CC03C317801C4D833", "B14802EE857CDC0D56AA5D6E41F9A60ACB2D2D9EC4C0DCA472BDF964DF05E984", "B244A2BC0A7BD8241EA857E58CB786A72E25AF80B5B87BE5B86DB2539034F07D", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B336FF894E400574876D1540E7028A1D88A3471530F7789321AB40D527515D7D", "B36A668C28C4D760F6B565A18CA1708BA647B0486720FF7FEE833AC59F8D4800", "B3D45D2869A46128C141CB5B528583CD30585443FB237BA4D4B33436037C6E7C", "B3DABFADD619975EF5130C57A6702A88549BFE1458F2E0C404399F146BF3FA02", "B41E400D6CB06F16F486E14BA627A63F5A14FAC2BD1E27A85775A6764B2BB2A2", "B4234BB25932228355DB83C8FFB289B07CC2F57510D6DB1E2521E835FBB4B534", "B43A7CB4319BB82BD332B9CC6374727B5795345D5D3A80C8A42DC0B873AC5FFA", "B471883C35FEC1EA95A422B3D0911E93FFB95C9866F4E33119CEC57D0321E0F2", "B4BA991763253D738BCAA9AB61AE50E1AA4C20D6F3366D5551C3051C29FEADB2", "B526CAB1DCDE21FF18C6B51A82FBE7D2151C581A107178E0FC15F29D9F03CA71", "B57DE025F88A48D2EFA62FC54DC03536FA54843302611CD2E63D4779D4A54A67", "B5810DD31544DECD338CCD71F5C05C78B267068FE3FD01928B5545B05BEE5FA0", "B58C8D605AD2D55082212C3B435589CD9139B8812BB9C336ACC21409A827D691", "B5CB0E4A0239383BA3F2B9CEE70BCAD5201D9DD0ADCAFD3BD59E3FDC9EB5FBC1", "B5FF3A0A4BEBE5C4947ADA43EB1B39C0645EF9ABEBE4A315AFFAEB9638C6CB41", "B61307CAECBB5590BF8837472BAB9C85B9153B31B334257C484DD1ADD641B9ED", "B6ABCBAEBA2CF48D6DADDF1BB047FFAB6ACAAAAF6535CC5B7D3C594226337396", "B726DA65AF39A1A1E1DA1277B41BA5F24059CF3104DDD574B17677672DDE6237", "B776730BEF8B1AFBA479AE066C7AA9E78D065164B1F25B7C0DA6D8B9B59FC44F", "B7B3650FADEA64DE81987249A8574A4AE80ADC24528EA23322E33A2A8D88395B", "B7FF1129A02D2738AED73A8C157F3D6D872B530527C875906B3678301D70ECBB", "B8C124EE4E419DE7F41A9CB0246E9FF21300C4C9A2734EF999830B9906B65133", "B8E199CFC7A9C8DCF033928312B9AE0E344AB91916C93723350723B89FCB619A", "B8ECC6DA8E5E6E673B5EED1EDA2CA8802F78D106F37ABF3B45DE5A37BAE47848", "B94297D4173AAC4BC9DC4AD26D4ED40845DBF59B73C60378BE31715DFC0C00BC", "B9AF888A07E3EBAF9C8015FD69209D1220F715162C5A28325CECFF5EDD360FBE", "B9F4ED8FBC36B86B1B92BBA7C09A07DF33F805E337BB1DC2B0A2693BEBD6557B", "BA224C929D509ADDCB0F46007C0E0FACD292F79987D47E9F02DEFD7F67D0990C", "BA3D871218C7EC154D3DA60B65F47B45FC02B640ABAA3BFF2DBE9F1ADAE1DADF", "BA623255812F5894326A7A04E7565E7B402C3E556C22462052D019D08EA0871E", "BAD116C3DF02C4B171D620D476B8D02E7A84C0AFB8EF4BB40EC72B9291E4026B", "BAE50838DBA5EC5D7C652AC72A4669F4191050CE0543B14024B790C32926FC2D", "BAFE1432B61D78F2B29438C3606D2D46643F4DA3DFC6DD0FB0C4962ECD44C150", "BB06E8BD028B2DF581C4E507E45CF66921EDD872018812A67B8FFD9CD3141ABF", "BB34CDA6062011ADDEBD4318E4615ECEB868423BE5D12A887B5E380444020825", "BBBA7106F397CE955F3EC2129F3E774CF76298ECEBEAF802CE7BDD6DC2FC3872", "BBC001607D4FFC5BF566D998892962E49A145A0E15B990B9422BF06E1B00D42E", "BC2283C42C5754BA56D4B137D9299A766BC1E54917CDB4BD5C57BE600AAD1E60", "BC7F561FAB80D5D0A48021AB45201595C02030C9CECEBEB548DFB50B6376384A", "BC9A237881D6D4DE9A21F7866E0ABDAC309C2B830312FAF19B7C83460899BF25", "BCC63CD58C99277D56FB13B51F219E848029F5268684F2A05FD02FD2EF619268", "BCF706A5BB051B3BEC8912B397D796D841B213BBE4FE38490363751F6845030C", "BCFE59AECDDB67845A4B618BFD6E41A20C550D57DD097AC67063BDCE4F60B5F5", "BD16AD945811C7C5788FA310FE6EBE4BC8642CAB1164618F1CA91A84044B9A56", "BD1A3FB61CD3EE1C7BC03779DE4E8B49529819A9A99C701323C60D47481C2C9D", "BDA2771D5DF5EB6B4368FF152AE5EEC4623D37B0B07BFA76844E60A02523335A", "BDB0F371072DD759BDC908105E59960089A47593F2EC0613182245AA4BB15948", "BDB63237DD4FDCF0CBA8A8ADC596064A280A83BE18357A172935113EF0CE8EFD", "BDE3C6BF2BE48CFBD348890B046C235827D8A9118295E4A63BBDE86930834629", "BE28B80282A36EB5AE12EA4346DFDEB6572CBBFD3F23A4A31E09F4406B8F71BD", "BE523D88E9070A2DC41C20554C070BC6A203CA40E3C999CC7B9D52C82AF77DEF", "BEF98E81C05D73A11F0ADAD896D2B3A206EFEBCBAF2606D3FB600E31F02EE966", "BF241965E218490C5786B115CB2639A8CA788DC4170BC648A82E9FCC5A5AEBA4", "BF4DAB5BFF05B931EC899B32ADC32B92E0FD4213CD4EC5453B27270D2CC1D49B", "BF95B675104E7D07FF9910517B62F5D708C3391BB8683BE1D3FB920E856A6E97", "BFEAEA292E15782EAABE9AF703781546F0183CF0FC94BB94984A32C602FE9C18", "BFFC97D9B867396253756A09ED28B13F581A2B14A0637B4684951D9BD6071488", "C0340F2CD3C15616C3BA231CD2EB6366CEEBABBCB28179D9F1C77DF02E46D643", "C0501217B805DB60B66BE6BAE92316B764C51679EEA5027CB07C6E657F8181A2", "C0EACFEC4C235B98CEDC586C444160FF7039FC727D6A239087D2FF18EB8BFD10", "C0FDB3F4B7A171D3937E45DFD9D337DEA2512F2ECDE945CC40691DDEB5689DA3", "C138C333E90DCA6AA63BD629BDB1BDDA88BA738775F97FDCB002A66BEFF89FDD", "C18E4772030D674D152D69B21575B31602E8081D2A7D63F34DF5712FA898D8EA", "C1DE62607E696F3135AA44A9ED964385998509307175EDF6F47BDAEC9E4F6C06", "C210DB4F68E45B14B945F03E927903ECBDD3FE9752D07BE050AA1247BFD07911", "C2172119C7EA3C8DAF5775654958C15FAD557D43BF30EBA7616F82FFB6EA31E2", "C21DF137445A74F449CF6CCC8A9B91E60F530019113ACD3FE82D8A7B803E1BE9", "C24D4FCC97FD95E90382A4216040099F16203ABF61AF30281EF1C2E136253A42", "C270008C47088F4AB45570D101436BB116E08F304CC36AF51E0823C68AFCAAE8", "C2E8B6DDE464206AEDDA1C71AA033CD48E5CBB40D6C71D0239B45AA056C35190", "C31436DA6C1FDD78E2ECB68688AFD20C432119CDF718A53729D0F429AE0174AA", "C3213A08C57037B560B797CE67723EFC3B1D755253338C716ACD0DE2BA91026C", "C32E6CDF5E2B63D069515E22D16A28819A2DD3401300A5396516F5B1D38A278F", "C3393A29227C0C9FC49F0455ABC614404983902D3C4620110ED407A6527B4770", "C33C75D536D0395D907267D197964636B4CA8C5DFB52755A5682CF70BF8C7FB6", "C362DA3FCC19527A119FED83D0B6DA4D945A28BE02C6CEB71702ED777D4D16EF", "C3B05CDEF184BFD293F7EDCB8C5A430A32B9D04DDF8336E289D0609D021B85C2", "C48B8A24BEA3D79BEA32D69CB925440D9078E9C37A37DBDEB8805808860199D3", "C491B1CB55B646B9D624082EC35137AB8970627E2FCEA1983A109781CE7E2310", "C4C7263BB0446457BD010020AAA1AA92EF1D04D66540DB381D8B3996291D6D03", "C5BECC1FF633D3A61CC27E6C697004609D2D53037AA1A203924F83717DF01AC2", "C5E4DDCF2EC3310E2973CCC9C9ACCFCDDF92BEA5B6B97D98A29F2B8106A555D2", "C6D76168198B9EF24D77F1D04BA06E30D33B0C7D71C8457114E69E1A43BB68AD", "C726F40862B4C7F10ACCA65E33228688F1F53978CAB90244118ADE14DC095828", "C7752951E8085C186BF5D89E852FCD41F36C211BD9364B8CA87F6E4FF8AFF924", "C7AE65EB0D706F20B5B2D3D4E72252697ECA6AA7917A58A2DD40B4293B199DC0", "C7D7D62FA8E94165BC206F0EDD49660F6ADA29B1154D7D8326EC2A31B59220F7", "C85AE805DAE4BFB886E620D203691B28A85BA2DC3F369FF95D93339B02E74573", "C8A7CD6FECB690565A78CFE7E84668AB2298FDA2542217A4CB9F2ED9C460C2E9", "C8B10EBB1C04E885A0F46598D7359140F659737A3C1249FEE363B6A29D7355AA", "C8FF79949024BC54CBA611CDE67346D82439C38D6482F3748BE505D3A9532CC8", "C9594147E388237928595F1CF759F8EC355015BE6AC29A030A2FA3207D9B6DE4", "C95A8B937A6CBD06A135F063B01796BA2018504C97160BD39408FE446C9A1F02", "C976F3FB2440651533AB7414A4F76FC3C66CAF49895BE704575E993E6B5F6D48", "C994E0C0542449A63CEAA0364E71E51B629DC8755B3EBC74CF4BE2B4E092D025", "C99E5638A3EC9056D8B7F87F4A09793E85C12B072C34891CCC39B09CE3397E7B", "C9B215C2E990733679984F0C6E86DB20EA1ED143683D79CFE88293360577ED49", "C9D56908C5941D51F8B700D0AEB133B65A72D4A5D3A7FAA2D989A477B71C954D", "C9DB8E475F87871836812AB0F52C2F53E81B498CBB41517F21864FC97928EF5A", "C9DBEC674B465983601DD6E3ACB8651D25D19EC484A0A29BF634859B492C7ECC", "C9F19ED2C7A03593AC283C0067CD2FD24938ADA7B16D8ADE6C80795C2BDA0405", "C9FB34DC4DD9D107AA44B9450C99B916BC840CD0F468825041F3DBD249EAC5CD", "CA8D24C78D501345DB856FF9B53F4B1D8B088BAC6269D5682DAE4D83FBA4E3DC", "CAB98DC8364C4A155470496DCC3DC7BDBAEBCD7BD42B5B8569CD716A73341965", "CB394ED1B8C513E2AD32465BF5ED33A734676AF29B993397612A1FD97A4565E4", "CBAD9A5D72D7476363185541BD693344F4EEB28C6708F8A48B2849B3FD618351", "CC0FCA510A1D843BA5CC109DEE83E0560BE5D1E3A84C207ECB65CB64AF35BCE7", "CC173909692C459981D1073E4604BA322C09256DFB30B8AB544D2D5C6DBECE28", "CC1D9A9104A17F99FC3996B724F58A3653FB9987DA4742135CD391A792A47D3D", "CC4DCF0F94D88975574183DA005BDFA8C3D7B77746080979EF0AEB8D789CAC7A", "CC5089F9744A6B5AF776C8A1234A9BCA32E0798D396B5C631C8D215B02EA08AB", "CC714D6CB93526CA67C3B1AF953783F7648CF4A4936616886992C0290C5D5B18", "CC7E9F5BD3D20273CC222979077E4B7F3A894A6B5AB18E1BACEA50775762946B", "CC82F226E2520CFDD3DE40C98E4DBADBB76F6F877B21A2BF0E525B4E15F12D0A", "CD1271F65919F0A27ABAC5D2FB90AF847030089BEFBA36FA40622E14F85284D4", "CD1AEA82D347BCF45C817F297F91F17B63798AE3055B653759D8342B9405F1E0", "CD8271F1E3A620207AA3EAC35F944E1453EFEBC4728A88B9C3D9D0DA7F511F56", "CD97A128A9AE077D44AF9E9B42CD245B0F22FFF6FFA6DCD3C8F11FB01E29E289", "CD9B5BF488F3327F1A5D08B8A25E9EF90D7304376F44A16FB3F05E06566E80FF", "CDA078FD942764EA41F1C78F1E4090E3DC312088E0AA78FD554EB0AF9C8BDD0C", "CE226AE24A6E2D3DE67C38C0C6A7A613A0DDDDABCC8ACB8CAFB1CB1EE2157689", "CE45F65F8AEB5D90A862CD5EED3436A723C247870C58DCCBC1C00E5D1F237D54", "CEB12B4664C1D9045CE6A2D526284519816A08ABA9E1E6F54060B27C0BB3429D", "CEF20F8B2F76F34D20A1332E089A276B62CD83365A66024B5AB7A6CB1887883E", "CEF21B0BD5863DB6FAC5707072AFD1C97DBCCF20094059E8152F69DD866F7218", "CEF23955780B797D3E4DFF7B2586F5C1F6FE284FDC236FD6F838681B4A03628B", "CF035A87F48C537B025250F30CE8419C461C4F347B315FA2065E94EFC9158428", "CF522262D87F5B9763F1CC4CBAEE8D69CF8EAC24981BCFAA135D6302BFDDFDD3", "CF8080897BA997E374072C563D7B6C6088F56DDA07F407BD98DF25411FE5E09C", "CF99691D618EB1EA9A8A075EF91665712165EA871FA9FCC7A423963F869D124A", "CFD638A2D56FDAA7E2CFED7B4344FAF2210A433AC182F74EEAC48E18FACB8751", "CFF78161323725A8FD12DF13E41FC085C16BC5DB4DD0560B538661E5E827574B", "D061E62E3D4247B6DDB2AC74305987E31ABA8BB850B9B6C75D38E6D8ABE2F44B", "D073E08AD140CB6620590BE3498F8D2736D636AB608813B1FECA6FBC21280451", "D0B716391F80030BF988E290540B0ACE770BD27D3F36F2C823E1D371D32CEC50", "D0F90FC02DF0C56E6BD132E8B2615B5F33AB5CF670A65189CA520A94D2F35C9A", "D169D65C1B4E724E0599A63F4D6EF3A4DCB913A21F3E58C79EA2F8D00FF9573D", "D182CB632B33579A484CAA078DECBD4223A6DDEECE7EA8E1FDC5025F7DD813F3", "D1AFE8DF5160F7F66429CAC7472DFB3C1CDE36B34873FDBFD8D79F931C352114", "D22148CAD026D5D92B6F9B6A343034E846BB5856C3BBF91386CDDCED342AC6F0", "D222C68A9F9279A22A6D872628487DC4677D4BD829C33171CED7B9CDFF159C1B", "D236AC46451C28903CEF4310F580B8CE980B396B43304EE61B17BB51D3055BCB", "D25F96BF8FFC89967E930C42C71D7208B95B880B834BD2A42F60151967CC51D1", "D2B2FB96AF0019F5D16504AF39E442889BB4C2D53F4CBF95B8FEF864EC1390C8", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D320768EDA0A256974922526FBD9B0D787A99E5EB5A51830D413ECE091D3B830", "D3D8ED435C4CA8FB6EA23CBC3BCF5FD0E06943495EAB6C2245DEA41607A4EC6A", "D3FC4C864CD97E270FAC4CBCEABAE2B03B9602F6B255BA3A99D42C24F57C6E4F", "D3FEAA2DA6A2E0603EB01D2A6B4656C251C272EE79F4EAC14B510DF21E388FC4", "D41E7DE9268D7655D4AE0EE6E1EAA648B461EC3028DA157DE0C99574AEDF7A73", "D457EA928FA67FAE1569B9624DBA6A22FB287CA2E0BBFA5DB057A034685BC0AD", "D472BB6070D3EAAA575EDD37698BF33CF68D69F2859D529D555F7ED693CF3311", "D4F9AE28EA501CF2A176391E0E920E7B7FC3A2D7D8CE5319FAE6CA44DF5B1E04", "D5006110BB901C8B28332845E7232D26FD36B1609362E9BF8C8B8705EFBF33D5", "D50E1D38FA9347169BC69E6368733007D03E3B56F5983DB6946280D484FEEF26", "D5A66CF2D7203294935E51CCC293D11C48AB2DEB03784B8468171D08CB2F79D3", "D5AA5A836C6CC887766560D5C0DEA7A00ECE08E7210420C4B9BBFF45EA1FF9F6", "D6240400034A298813BFD7CEB1643211EFCAF06767C7860BA5B6E4F9B2C55421", "D66B903250F05C7E6F628063E46BB788B758ACF5470BDBDCE9A7DDCF98ED3362", "D66CB691867DF041E90EBC130438FC5BBE0194D785412337859988B981282368", "D6C51BC50AA09EEBAA2BF20A3D8CB97E587C311AEAED1C7DAAE6C8A1FAFE761A", "D70C0CFD2132EBB5AAF3CF53E301E73B5E5845FB7B0FC143B5DBE6CBAF3A884B", "D711A9D04D2F5CD9E84441FDBAA690899A6DBCDAEE1DFEED368B1C62BB0F755F", "D711E8839F9CEAF79F79AAE8CD01BDCDBF7DCD4C0649106ABCD18E8CADF832B2", "D75C787D719F6B509B47AAA92C0EBBE969DDCD2CD7BAA1800C224FD759790609", "D789BE582734A78BE1AD85C91997C3C5E972A3D0FA0590578A07FF1DAF993ED3", "D7DA9D152682CA1B726748D977D6C5D34402038E70F16AC9B970B073C18B791B", "D80811561A68677D06BFD70B2628FE8A381824C7F24050B93727226A89B56CB4", "D8ADEA08E50DD31A13D004FE5B304A9912C83527BE3756B66F2A397CF3660771", "D9149FF2A022C428AB36BCF4F88460112AF3AF085E6C6FD75CD50D2B242C721F", "D94A48AE9F580A6366D29978F998319ED852FD8F689952FC78B6758E2D5F53F1", "D97B3190AC9AD72617FAFC2AE9212FD65CF17BB60AC3075CF81B965970CBDAF4", "D985488BCABE1A6D7BF676B029366FA571E4B1815D450B6390009413E9756D62", "D9E893122D9CDF2BDC1963FA63AEF08CABCD2CBEF3DA16979E9838DE44F25804", "D9F3546932BD432766323A6E9A562D656E3EAC77AAB6EE3AAADFF6008E59BC30", "DA52C8AAC8E49FE83875D8FD83693222E58D6D178EBC1C00B564B8EB59727C9C", "DA7DAD37948FEFED484A1FECA050CF1FA716DB1FE72EEAECF45F7D40D359FAC8", "DAA1AB493771F23C03A5CF68B32054DD0BF2FFAABB82BF77077C01F8D84DFBED", "DAB6CB181424781D3CAEADDD031227EAB5B67EECC36B24ACF558ADBC524F2D57", "DAD5A8456E75C3E0D61A94AD852443D8D2F457AD466BC30FEDC9E8F6256B0E5E", "DB13FDD9A95B893DF32DDC06F19681EAD6CCF31EE2AEB489EE4CF0B874D168E3", "DB2C86720632450365AEBF019E5390EF2849F0C30BF4F940F146BE30CE25C947", "DB5888B374B195EA64AE86FFE011CAB511B57D364F834B0C07ED31BCE457A156", "DBEBF5B229C8DE6CB3D8A210AACEF003D3ABB0F69D7078FE103C643B2D8909C5", "DC3F9DC6E60E7791FEC4335A8C7FB9E85C847042EB357C7AEFE055E589B8FF69", "DC6CFA97AFC11ECA8AC903B07B25377D9849F6E270CE2A8494F78E7B651A0389", "DD39895C911A5C66806CAC2BEC6807CD3385FF346B2B24AD293C4587ABBC8D42", "DD411EA1F77F18E57C4DC818864CB0D5837DAEB7CFD8747629F8FCD7F969497C", "DDAC6B14B8934B2E6C225A197BD36CA0AC38FD8684F572F5702537FFE8240DAB", "DDBD4BDAEE1412B8C8199BA8BCDE15F2A42D1C2982D2BFF3B062BFCD642CDD23", "DE61CF56AD0796A00528B0861C6C0A246E74C685E64843189E387E6635F982A0", "DE6FC785FAEA5CDC22FA3DD95C1113BD7CE8E4668A2B0686DFF968822706AA72", "DE748301C4FF4EB59B2C16DC7443F92BC6B64BB243CD302369521927A09A6441", "DEA15AA90924B6886AAF1ADBAE6721ADDA0492BDF25633926408F9D3999ABC74", "DEAD8AF204F9BD05BE7B99EBE4FFD73C89820E7FD32EB4979DD5DE042E9BEB23", "DEAFA2DB54593AA80919E191E6F6089E8FC07DD6414224DF7420DF6F55DF4BC8", "DED463C35CCBDBF28F87AF801540DC5825E2C660837714657371DD3910A9638D", "DED899C681C4F01F658F5349E77058BDF8C51E88FADBC17AC63AAD856B4CADE5", "DEEEA56C6A53F19158B2B44D715A3E7F89C37B96E56FA2E28F6BF2F9BD859638", "DF4E8F31FE043E3CFA77E41A2F0CE2691BCEBF5ACB3B2A8B13BD91911951419D", "DFBA0A507CBA73A53666A3E5C741F70C7CFC57D7ECE64BB957B938A6262C5882", "E04D15F8F7C7F5E2311B51A02812D55217DDC056F58434E1ED055173E3828C33", "E089BB3364A1D64F0F411EC103AC76EA7C388D935F3CBB285C30433B852BD69B", "E0CAD87D2D58A2FEE5B2191470CEB1BAD189DB6A091A60BC28E6B8904753BA45", "E16306600C5787A0924549FA20F183CC475F71A9E80CD01105637CBA736B933E", "E16BCF432F7F9141A9384A484C6328B7193F5BE727AABBDDB91CCCFD7FD7C6B8", "E173DCA0E65F1BC893DFC386A3859828D95897C2E9C3CB8AB66C9F1FCD79D6C7", "E1DDF2752E86E32A93B778F4A62DA348D20B60DBDD915C1F9931C70D2553973C", "E1E17FC8FB3F66C5AD24B5EE11ED61EEB386830E53608FDA6A735CD954FE2F14", "E1E9EC92F2FB001C2C7B6AF116D3E1F63E360CF61602F853CB4A691D77495BBD", "E225A3BCBC25004797E7534D985A248393CAA8A86180ED2ACE900CE1374465F7", "E23B2B70071C87B4B30F175BDFB816A59FF7F9127F0905729A27B7EF44524CBC", "E27CF59C9E2E6C51C822E91F4392208E7D3759A654890A485CF9095C81FD8C05", "E298AFAE6C10545EEFE2EDCB1E58ACEB81769C82FC173BB89206A046496B5501", "E2CBBE23DEEE9BC79FCD931473BBF43A02A571073DC0773408485263D4954530", "E31CD1CAA68AD6659A7C459337F50C896A6D30B1CC25BEF6FC361000F2ACE0D4", "E3BD856982B27C3FE93EC13A76D5806B5BB18B95DD328F70706B73BE68D790ED", "E3D0BB62F3EBBFB0BD048F50837D047A327135C03929630E6A511352E13002E5", "E4483DF34E757AA349E718966444A52461C215D7119618553F0FE496E455849C", "E538650CAB7B2D6CD412F77C70DB4E45A1E53D161BD7EFE9A7A13EB7FAF5973C", "E57B9E2AE5C006DA16F9616892C6C976E91256B82D0E84E776BF4F20A1DB9BBF", "E5F1A51EB15FC95B082794A6D26932005C3A423DCD7B90C89E58A6878FD1D000", "E65542FCA90363D7C8577C507B17D1281192264CD6153EAD3B4C7E698CCB802B", "E662216536D352189553CACDED94197C05EB014BBDF76DD13702DFEF9445466A", "E66BEA38ED79A970EA18FDFE0CFF622C04A1AB5532B08FA652DAFD9064216199", "E733C17408E04FE220509E0551DBC620A986294A215F7DD00365914286AF7F92", "E77EC6F45B7D6E8BB278E220AB25F28DDD520313254120E5AA95ABE42DD9D030", "E7A3B86AB44458B20A9875CCC06FE1DAA11FED52FEC07836E615044F9966E259", "E7A3E01F56125C0D2C4DCAD5C1C2ED2C377E247B54F164A5E471F3418EA2DA10", "E8684FAE7803154B4F72424F7744578EB4ABE982D1DC1E1D54699BFA0D585EAB", "E8A312ECF86D6A1C6D9722B8D51FDE987A400AF0C6568E0E843C6327878D3511", "E8A460EF6615AD41E91C4533C20B80083D9D6E40A9584892FF55E41DDB9E367B", "E8A9D3E9EB263B8252AC392A110C5699C152EBE388EA85E79DC45D6A3DA9A738", "E8E4FCE5B193A97688ED7A4A23B4D13154763C9444EA954525E7D92908B47FD8", "E9402FC09A28106AF2485DB38FE701AD9E89189CD8A1924DECD9BC2BFC341007", "E950067BD8E6649CFB412691BB96FCC6AAFBB758789F58BCEBE7A124E713B8D2", "E95D6D6467CF6AB55E48D5436835BBE42A101787A81CB1552431485054CE0D72", "E9BDE265DE0FAEC04CB8BE1CB2B1316155D19087735DBF92D77E629BCD124564", "E9DA6D75F28F74E606E9E5AD8D757DAB7433AFF80ABC4F93C049880746124566", "EA23335228049116A13B1E97DB58AC9A534249D115E1498DA3E57253B1728414", "EA4BC9A6E1BC28B39AE0C360DA599139777EC05EDFDC5120E91AC3051300D3E7", "EB488D986A623E81C07D5F38DFFA754649938084B72DDAA698DEA6B41BB73C49", "EB75BB001082ED64F6F295C3004785BCD8F75E218451133709AECC28B2CD6F24", "EC3D8B78929CEE29AEF21A1B489AE5D843D897B3C4D451E9206D6EE31CC77C0D", "EC643EF9EC9CADE87C040B8EA7A47F18C0DA8FE93E7EAC8EE0DD22FDA059E3F8", "EC68A07B2C3DAE1C815890F259C28E42A77D5A3444423C6A6324A3D881B16265", "ECD78CCFAD199384A2E1B0251EC051113AB96CA42C9B3451D235C36A2FB281C6", "ED3E45AC313A892FECDEC8E8DE9767014721B1BC633C82F025E8395BEBFA4451", "ED46D5435729A848FC5D81677695C064ADF46780A6FA945243B3D418EFDD30C6", "EDB34CD93CDAF5921CF795AC72A6405C79962D06DE79535AF74133F2884DA4EB", "EDC4C5C80C00EE4AC9AA2C2F8FC5CF316B401A50DA42A577EE4FA380D4A47809", "EDDE8DB21E49234E26461F905C08F68E38F5133E6D7A47979302DD5D4113F271", "EE55227E62E1EC367E51C35B6B10B7DCA002BE9705E9F921FB78634D0BBDDA97", "EE82CC9199B17C42AFAB6A595867BB134A888404DCD55A54E85A8AF6C63E4C6F", "EEB9516998DA2DF997DE0C8D2E430D0384019A1F0FB40AA3444928DDBC351E4B", "EF01AD609D820B6AA1A62063A29A8227A37A95BC634772BF73C57463F0CD0057", "EF03F78CFD9649085D9C1597ADF2110383865BDB4CAE933F996DD6110490E00E", "EF2B4F4110ACF96FDC34CF6D7B916C577277400859F5F464947088E0CE635995", "EF3AFEEF28D63C4014CA63B767F53CC697530C1496781D91918DD1B8D89D0F81", "EF6337B3BE8850DC5B93DC33DA6E2610AE8AC00F05BFD07EB43C35AAAB391818", "EF8F0A9CABE55A98975A5E586449578AFBE0581CC3BBC4848706891FDC02ED1D", "EF9B6C270DCF82283BF13AFE4BD6A359C1D124B7D4895440A36E199964CDEF36", "EFC96C84FC6627E09277E1FB61859CD2CA1859DFD91107C5D299A533D68503BF", "EFDC0530E07DE443BD35D9A9CC914295CD80ACB045955C77547A90163A63BD73", "F0757274DB5D8329D95D7A6D4A3997DE0A00111E7975DD730038A4C7F5615F5B", "F0864C914EFB62F7C48822F52BDF423B57466738327736DD211AEFBE34B7C109", "F09AD94B48DEE6804F3C9AEE48EB9BA274CE6A40FCE684B18CF3D4B1944D4CCE", "F0D32D5C13A35680F4A8DA40436818493D9FB1B131B9211509D89B4ADDE8B956", "F1042A9B630123E7C1D89397D91327FF1E0E75733E34CC098BDA91ECD2D353AC", "F15BA9EC0C1FC4624C7DDC90D046A7A3558B86CF13B121A8778B5BA8562491DC", "F1D303774ACA9A5AD0E510C3DF5F1397009E7D6FD2FDAFAC4642501D873381FE", "F1ECF74A0087969AEAB2A74D57C4E1ED4D9DC73748D06233229C4CC120CBD882", "F1FCAD9702724B4983D6B5417FBF364CD19F0F19F7D722D5D70F3F75EFCA5438", "F28698F6086818D1DF666F50F367A5081E053275E64E213A13954C45D6245218", "F29729CD69E414047F2E02816A581C828ADD317EC56EA3845BB7C756A4974278", "F2A538AF2ED1CAABCF5F0891DB02363ECADA659FE7F2989D3CCD7668E4585622", "F2C8E4883F10811E81946AE2DFA2908C97E11E392EB4218ED7613EEDABF44BB8", "F3B3B320FC3C8E01B200030208A5935783A0EEB67EF939ADCCF9B03FA410D7C4", "F3DAB8567AF331C8A8360A693B97E286F43D555C7AE51BE5F8AFBCB6E6CB4EDF", "F46A4C43F77DC9BD8DC54150842759039BC0DD99D85EC00E2DEF629A08702F73", "F46C78B5699EA9E6CF425FDE29A6DB46E4CEE4304FA86CE08CAC7ECAA140B7A9", "F4BDACE4C2BD969BE014F58FD96BAC012DCB9FD40640A048ED223245FEA36AB5", "F542A12C495D85C0CEB4091F4CA805B6D3F211CCA410B1C97964AA4680E716F4", "F590F9B8CCE606C3A8B1868747618F53738AF0A967C71C872865E6F97E3E2A42", "F5BAF336C0FFA1A9715652B899383A9C6D730D8ADE9E07CAD68C90971C7F8249", "F5D1BF73FF3841466F9B24DF507EF84C934C38D15F16FEA1A1A4AA761557EAC8", "F5D5AAF38F45575DCEBF7AD5E9B3D25AA8678ED2972A091BF0082B881BDC74A4", "F62105F81141CDEB3DFFD1F9477D41B2397FCACB19F1417F54D9BA82EB281648", "F67202ED75BF1CA0B053A0700C443140838D02D55D86E69A476756009FE7F8BB", "F68657BDE06A6BCE28E48F62336E08FF1C48B814870486F0F4C9FB6409CBCD4D", "F6B3541EEFA36ECD398761520E531FA40B48E3275B7C8D31A42E5A645BBB6976", "F6CB5D184F054505D1AFC484A7ED62B632D46E147B9A86858EE1CE8F9064F729", "F6D55409408E5F2A4A2D18C4374E3627633D2238456C250A4584C4F286A6ECCB", "F713D909A314116D26B3223AC74DB2A12F255E8CD10396BE95E0FAE7DEBD27FB", "F7297DEE78789012F7802C00A7D437B06424929237D39542808A1D9905687922", "F779442F0B4B159B647211B27C52485C40EF8D77079FB564145C112408507200", "F7862E3AFF4165C1E96904B0CC478B568FD7C29638F30D7255C5D201546C0450", "F78646EAD7874D53598B48CEF56535D7D0B14CF602B2FC29200CA00C21F5365F", "F79BA4E357CB90CE069217655DB3D6CE7EF68F7A1B216115A6D8278F44302CF1", "F7A4C910A4DF2E02493D2FF5F34AA0A704BD3D1EDF63E2A05589FEA9676846E6", "F7A9F24F2EFB4C3BA35B16627279B36BFA955C4A41D713BC5B9139E3353DB374", "F7B0E65A0D4964DE6286997E4B8460353A4DC812157F17CB167E31E8AB9541F5", "F7BD0A4A6A42837BB09B0BD2F2CE008504E97D4E461D8049C4E77A68E3833196", "F7ECC1B5644BCD1080CC371173AB36D2F1D0839499F9CC28F1B54440D47879C3", "F8390B478CC88CCD9B75B538BAA2A7F2FC072BD54FB2BD554B55A1123085952D", "F86E0E99774B2ACA66C56C88E0F579364353B9D005771FFCBD70A09340339179", "F90FD904FE2AD66DEF4FDDFD5D99DDE1F5E9A79893EE2F3ADB1619E2F648B6FC", "F936FE55F38C08867ADBDA8E6F3802EAC3CA57726D86C3FDB2C0BC8583619B6F", "F9A935F07F0C2592550406829A333AA17FFA9DE5B312BF55A008E03FEAC4C43E", "F9BC443C8A73A169776E2C52F6AE8DF730B206D865193F14D59F7BE18252EDFB", "F9C3BC218F02B41A1EE998B0C9BACBCBA2A26044AA17D86E90806B1B4853903B", "F9ED99C3F4B2D868A3826BA34135EFCC7EF1978329C535488F23E6CF98DA913D", "FA90064F3FABCD5CD6E50C627B3EEFFD46086A8E2B7D5B55053A4E47043DC8A7", "FBA957E4586048D9FF15DAEE4F11829492FC4F59F16FD6E5E54DB4DA8A8E3636", "FC0AB5A04DEDCCA9B4FEE010F6A33E94AF0B79A3828E6659C5AB9764C36C13F8", "FC2BEDDC9B0A20E14CE30F6B90D14256565AADCC69A534CA0557D8F35594D108", "FC4C804F44282D78247FA90BC4C8C855819430A02725094AC97DBD89D0227589", "FCAC7D98117B03399F82DCCB838E46178F1E1B0134953A875D65C1A4DDEEE33C", "FDE8E9C242ED2D257B3BCF9E013CB6CFC32441C70BF5803FE16A714EDE9E7DFB", "FE0CD9D782041746DBFBA9DFD5A169C98E21DF40D5DB566AD15D9898EFE9D6E4", "FE252D131D8F7560832F857A2E94C6660B4590940855E6B811C5BA4036C7A5C4", "FEAEE8622A205E50B38C60FAEE30FD2BDAC6C88663B2DECD7EE8865FB6D684A5", "FEAF899311408CA38E545D22EE9CBAF38F4A7C17D2B7549CDA42D6D309837179", "FF196C203FBE7855B209E778D969F9CB477E5AC6AB3BD028DDAA44EFCD8D3685", "FF2067F5795678871CB3A20F0D87A66F2589FB5F4B73AFAD6A56091DEDB2F9F9", "FF972FF475C6691212D41E145A91B62441337954697CD95DE31DD265512A07AD", "FF981F0D929279F4AD54F04F9EF143521F6D647CFB5130FB4F71B1E035CAA204", "FFE28C886CCFDE5B966268C76FE0497BB831D4C7E71AFADA341A1164C3DF01BA", "FFEF65915DD801D408BA9D75900795F158A407B4735B5BF405076A2C35296696", "FFF1402575E7BE1F32E231DF470BEDA94544D3C346FFE024F98E6A628264A23E"]}, {"type": "ics", "idList": ["ICSA-18-226-02", "ICSA-20-105-05", "ICSMA-20-184-01"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00115"]}, {"type": "intothesymmetry", "idList": ["INTOTHESYMMETRY:458BCB1DFE42EF07F0FBAFB7EF82F028", "INTOTHESYMMETRY:E734ED1EBF3CAA516E338187A38075D9", "INTOTHESYMMETRY:E90923CAE21ADFC423A96B462BCBC0DF"]}, {"type": "jvn", "idList": ["JVN:03188560", "JVN:19118282", "JVN:30962312", "JVN:65044642", "JVN:86448949", "JVN:91383083"]}, {"type": "kaspersky", "idList": ["KLA11178", "KLA11179", "KLA11234", "KLA11241", "KLA11253", "KLA11258", "KLA11294", "KLA11340", "KLA11893", "KLA11894"]}, {"type": "lenovo", "idList": ["LENOVO:PS500167-NOSID", "LENOVO:PS500167-SPECULATIVE-EXECUTION-SIDE-CHANNEL-VULNERABILITY-VARIANTS-NOSID", "LENOVO:PS500174-INTEL-SOFTWARE-GUARD-EXTENSIONS-SGX-VULNERABILITIES-NOSID", "LENOVO:PS500174-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2014-0219", "MGASA-2015-0351", "MGASA-2016-0056", "MGASA-2016-0093", "MGASA-2016-0244", "MGASA-2016-0311", "MGASA-2017-0042", "MGASA-2017-0091", "MGASA-2017-0134", "MGASA-2017-0256", "MGASA-2017-0390", "MGASA-2017-0405", "MGASA-2017-0420", "MGASA-2017-0453", "MGASA-2017-0463", "MGASA-2017-0464", "MGASA-2017-0466", "MGASA-2017-0467", "MGASA-2017-0470", "MGASA-2017-0474", "MGASA-2018-0062", "MGASA-2018-0063", "MGASA-2018-0064", "MGASA-2018-0073", "MGASA-2018-0074", "MGASA-2018-0075", "MGASA-2018-0094", "MGASA-2018-0101", "MGASA-2018-0104", "MGASA-2018-0155", "MGASA-2018-0187", "MGASA-2018-0244", "MGASA-2018-0249", "MGASA-2018-0256", "MGASA-2018-0262", "MGASA-2018-0263", "MGASA-2018-0264", "MGASA-2018-0265", "MGASA-2018-0270", "MGASA-2018-0281", "MGASA-2018-0298", "MGASA-2018-0322", "MGASA-2018-0324", "MGASA-2018-0340", "MGASA-2018-0341", "MGASA-2018-0391", "MGASA-2018-0418", "MGASA-2018-0419", "MGASA-2018-0435", "MGASA-2018-0436", "MGASA-2018-0468"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-WINDOWS-LOCAL-MOV_SS-"]}, {"type": "mscve", "idList": ["MS:ADV180012", "MS:ADV180013", "MS:ADV180018", "MS:ADV180022", "MS:ADV190013", "MS:CVE-2018-8897"]}, {"type": "mskb", "idList": ["KB4073065", "KB4134651", "KB4284819", "KB4284826", "KB4284835", "KB4284860", "KB4284867", "KB4284874", "KB4284880", "KB4338815", "KB4338820", "KB4338824", "KB4338830", "KB4340583", "KB4467680", "KB4467686", "KB4467691", "KB4467696", "KB4467702", "KB4467708", "KB4480957", "KB4480960", "KB4480963", "KB4480964", "KB4480968", "KB4480970", "KB4480972", "KB4480975"]}, {"type": "msrc", "idList": ["MSRC:8E7703F9639151363780734ECD0AD114"]}, {"type": "nessus", "idList": ["700352.PASL", "700511.PRM", "700516.PRM", "700518.PRM", "700523.PRM", "700620.PRM", "700625.PRM", "700656.PRM", "700657.PRM", "700658.PRM", "700659.PRM", "801963.PRM", "8830.PASL", "8832.PASL", "9128.PRM", "9465.PRM", "9699.PRM", "9933.PRM", "9934.PRM", "ACTIVEMQ_5_15_5.NASL", "AIX_IJ05818.NASL", "AIX_IJ05820.NASL", "AIX_IJ05821.NASL", "AIX_IJ05822.NASL", "AIX_IJ05823.NASL", "AIX_IJ05824.NASL", "AIX_IJ05826.NASL", "AIX_NTP_V3_ADVISORY9.NASL", "AIX_NTP_V4_ADVISORY9.NASL", "AIX_OPENSSL_ADVISORY18.NASL", "AIX_OPENSSL_ADVISORY25.NASL", "AL2_ALAS-2018-1004.NASL", "AL2_ALAS-2018-1009.NASL", "AL2_ALAS-2018-1010.NASL", "AL2_ALAS-2018-1023.NASL", "AL2_ALAS-2018-1033.NASL", "AL2_ALAS-2018-1034.NASL", "AL2_ALAS-2018-1037.NASL", "AL2_ALAS-2018-1038.NASL", "AL2_ALAS-2018-1039.NASL", "AL2_ALAS-2018-1048.NASL", "AL2_ALAS-2018-1049.NASL", "AL2_ALAS-2018-1058.NASL", "AL2_ALAS-2018-1097.NASL", "AL2_ALAS-2018-1111.NASL", "AL2_ALAS-2018-1120.NASL", "AL2_ALAS-2018-1121.NASL", "AL2_ALAS-2018-1129.NASL", "AL2_ALAS-2018-949.NASL", "AL2_ALAS-2018-961.NASL", "AL2_ALAS-2018-971.NASL", "AL2_ALAS-2018-994.NASL", "AL2_ALAS-2019-1144.NASL", "AL2_ALAS-2019-1150.NASL", "AL2_ALAS-2019-1158.NASL", "AL2_ALAS-2019-1160.NASL", "AL2_ALAS-2019-1230.NASL", "AL2_ALAS-2019-1338.NASL", "ALA_ALAS-2016-656.NASL", "ALA_ALAS-2016-657.NASL", "ALA_ALAS-2016-658.NASL", "ALA_ALAS-2016-661.NASL", "ALA_ALAS-2016-701.NASL", "ALA_ALAS-2017-816.NASL", "ALA_ALAS-2017-937.NASL", "ALA_ALAS-2018-1003.NASL", "ALA_ALAS-2018-1010.NASL", "ALA_ALAS-2018-1016.NASL", "ALA_ALAS-2018-1017.NASL", "ALA_ALAS-2018-1023.NASL", "ALA_ALAS-2018-1034.NASL", "ALA_ALAS-2018-1037.NASL", "ALA_ALAS-2018-1038.NASL", "ALA_ALAS-2018-1039.NASL", "ALA_ALAS-2018-1040.NASL", "ALA_ALAS-2018-1058.NASL", "ALA_ALAS-2018-1097.NASL", "ALA_ALAS-2018-1108.NASL", "ALA_ALAS-2018-1111.NASL", "ALA_ALAS-2018-1129.NASL", "ALA_ALAS-2018-949.NASL", "ALA_ALAS-2018-971.NASL", "ALA_ALAS-2018-974.NASL", "ARISTA_CVP_SA0037.NASL", "ARISTA_EOS_SA0034.NASL", "ARISTA_EOS_SA0037.NASL", "CENTOS_RHSA-2014-0474.NASL", "CENTOS_RHSA-2016-0301.NASL", "CENTOS_RHSA-2016-0492.NASL", "CENTOS_RHSA-2016-2046.NASL", "CENTOS_RHSA-2017-3071.NASL", "CENTOS_RHSA-2018-0095.NASL", "CENTOS_RHSA-2018-0260.NASL", "CENTOS_RHSA-2018-0349.NASL", "CENTOS_RHSA-2018-0666.NASL", "CENTOS_RHSA-2018-0805.NASL", "CENTOS_RHSA-2018-0855.NASL", "CENTOS_RHSA-2018-0998.NASL", "CENTOS_RHSA-2018-1062.NASL", "CENTOS_RHSA-2018-1318.NASL", "CENTOS_RHSA-2018-1319.NASL", "CENTOS_RHSA-2018-1629.NASL", "CENTOS_RHSA-2018-1632.NASL", "CENTOS_RHSA-2018-1633.NASL", "CENTOS_RHSA-2018-1647.NASL", "CENTOS_RHSA-2018-1648.NASL", "CENTOS_RHSA-2018-1649.NASL", "CENTOS_RHSA-2018-1650.NASL", "CENTOS_RHSA-2018-1651.NASL", "CENTOS_RHSA-2018-1660.NASL", "CENTOS_RHSA-2018-1669.NASL", "CENTOS_RHSA-2018-1854.NASL", "CENTOS_RHSA-2018-1879.NASL", "CENTOS_RHSA-2018-1965.NASL", "CENTOS_RHSA-2018-1997.NASL", "CENTOS_RHSA-2018-2001.NASL", "CENTOS_RHSA-2018-2162.NASL", "CENTOS_RHSA-2018-2164.NASL", "CENTOS_RHSA-2018-2846.NASL", "CENTOS_RHSA-2018-2942.NASL", "CENTOS_RHSA-2018-2943.NASL", "CENTOS_RHSA-2018-3041.NASL", "CENTOS_RHSA-2018-3050.NASL", "CENTOS_RHSA-2018-3052.NASL", "CENTOS_RHSA-2018-3071.NASL", "CENTOS_RHSA-2018-3083.NASL", "CENTOS_RHSA-2018-3249.NASL", "CENTOS_RHSA-2018-3253.NASL", "CENTOS_RHSA-2018-3350.NASL", "CENTOS_RHSA-2018-3409.NASL", "CENTOS_RHSA-2018-3521.NASL", "CENTOS_RHSA-2018-3665.NASL", "CENTOS_RHSA-2019-0049.NASL", "CISCO-SA-20180824-APIC.NASL", "CISCO-SA-20180824-IOSXE.NASL", "CITRIX_XENSERVER_CTX234679.NASL", "CITRIX_XENSERVER_CTX235225.NASL", "DEBIAN_DLA-1058.NASL", "DEBIAN_DLA-1200.NASL", "DEBIAN_DLA-1339.NASL", "DEBIAN_DLA-1369.NASL", "DEBIAN_DLA-1375.NASL", "DEBIAN_DLA-1383.NASL", "DEBIAN_DLA-1392.NASL", "DEBIAN_DLA-1423.NASL", "DEBIAN_DLA-1446.NASL", "DEBIAN_DLA-1466.NASL", "DEBIAN_DLA-1506.NASL", "DEBIAN_DLA-1519.NASL", "DEBIAN_DLA-1520.NASL", "DEBIAN_DLA-1560.NASL", "DEBIAN_DLA-1577.NASL", "DEBIAN_DLA-1580.NASL", "DEBIAN_DLA-1590.NASL", "DEBIAN_DLA-1643.NASL", "DEBIAN_DLA-1715.NASL", "DEBIAN_DLA-1731.NASL", "DEBIAN_DLA-2184.NASL", "DEBIAN_DLA-232.NASL", "DEBIAN_DLA-2323.NASL", "DEBIAN_DLA-2771.NASL", "DEBIAN_DLA-57.NASL", "DEBIAN_DLA-611.NASL", "DEBIAN_DSA-2940.NASL", "DEBIAN_DSA-3428.NASL", "DEBIAN_DSA-3447.NASL", "DEBIAN_DSA-3500.NASL", "DEBIAN_DSA-3530.NASL", "DEBIAN_DSA-3536.NASL", "DEBIAN_DSA-4017.NASL", "DEBIAN_DSA-4018.NASL", "DEBIAN_DSA-4065.NASL", "DEBIAN_DSA-4073.NASL", "DEBIAN_DSA-4082.NASL", "DEBIAN_DSA-4144.NASL", "DEBIAN_DSA-4157.NASL", "DEBIAN_DSA-4166.NASL", "DEBIAN_DSA-4187.NASL", "DEBIAN_DSA-4188.NASL", "DEBIAN_DSA-4195.NASL", "DEBIAN_DSA-4196.NASL", "DEBIAN_DSA-4201.NASL", "DEBIAN_DSA-4210.NASL", "DEBIAN_DSA-4272.NASL", "DEBIAN_DSA-4273.NASL", "DEBIAN_DSA-4306.NASL", "DEBIAN_DSA-4307.NASL", "DEBIAN_DSA-4326.NASL", "DEBIAN_DSA-4469.NASL", "DEBIAN_DSA-5103.NASL", "EULEROS_SA-2016-1049.NASL", "EULEROS_SA-2017-1124.NASL", "EULEROS_SA-2017-1125.NASL", "EULEROS_SA-2017-1267.NASL", "EULEROS_SA-2017-1268.NASL", "EULEROS_SA-2018-1026.NASL", "EULEROS_SA-2018-1027.NASL", "EULEROS_SA-2018-1028.NASL", "EULEROS_SA-2018-1031.NASL", "EULEROS_SA-2018-1058.NASL", "EULEROS_SA-2018-1059.NASL", "EULEROS_SA-2018-1115.NASL", "EULEROS_SA-2018-1119.NASL", "EULEROS_SA-2018-1120.NASL", "EULEROS_SA-2018-1121.NASL", "EULEROS_SA-2018-1132.NASL", "EULEROS_SA-2018-1133.NASL", "EULEROS_SA-2018-1153.NASL", "EULEROS_SA-2018-1179.NASL", "EULEROS_SA-2018-1192.NASL", "EULEROS_SA-2018-1193.NASL", "EULEROS_SA-2018-1194.NASL", "EULEROS_SA-2018-1195.NASL", "EULEROS_SA-2018-1196.NASL", "EULEROS_SA-2018-1197.NASL", "EULEROS_SA-2018-1200.NASL", "EULEROS_SA-2018-1201.NASL", "EULEROS_SA-2018-1234.NASL", "EULEROS_SA-2018-1243.NASL", "EULEROS_SA-2018-1256.NASL", "EULEROS_SA-2018-1260.NASL", "EULEROS_SA-2018-1263.NASL", "EULEROS_SA-2018-1264.NASL", "EULEROS_SA-2018-1265.NASL", "EULEROS_SA-2018-1266.NASL", "EULEROS_SA-2018-1267.NASL", "EULEROS_SA-2018-1270.NASL", "EULEROS_SA-2018-1271.NASL", "EULEROS_SA-2018-1278.NASL", "EULEROS_SA-2018-1279.NASL", "EULEROS_SA-2018-1315.NASL", "EULEROS_SA-2018-1316.NASL", "EULEROS_SA-2018-1339.NASL", "EULEROS_SA-2018-1342.NASL", "EULEROS_SA-2018-1348.NASL", "EULEROS_SA-2018-1352.NASL", "EULEROS_SA-2018-1354.NASL", "EULEROS_SA-2018-1361.NASL", "EULEROS_SA-2018-1386.NASL", "EULEROS_SA-2018-1389.NASL", "EULEROS_SA-2018-1394.NASL", "EULEROS_SA-2018-1398.NASL", "EULEROS_SA-2018-1408.NASL", "EULEROS_SA-2018-1416.NASL", "EULEROS_SA-2018-1417.NASL", "EULEROS_SA-2018-1421.NASL", "EULEROS_SA-2018-1425.NASL", "EULEROS_SA-2018-1444.NASL", "EULEROS_SA-2019-1005.NASL", "EULEROS_SA-2019-1026.NASL", "EULEROS_SA-2019-1045.NASL", "EULEROS_SA-2019-1055.NASL", "EULEROS_SA-2019-1060.NASL", "EULEROS_SA-2019-1072.NASL", "EULEROS_SA-2019-1076.NASL", "EULEROS_SA-2019-1085.NASL", "EULEROS_SA-2019-1107.NASL", "EULEROS_SA-2019-1112.NASL", "EULEROS_SA-2019-1119.NASL", "EULEROS_SA-2019-1136.NASL", "EULEROS_SA-2019-1165.NASL", "EULEROS_SA-2019-1167.NASL", "EULEROS_SA-2019-1168.NASL", "EULEROS_SA-2019-1184.NASL", "EULEROS_SA-2019-1203.NASL", "EULEROS_SA-2019-1227.NASL", "EULEROS_SA-2019-1233.NASL", "EULEROS_SA-2019-1246.NASL", "EULEROS_SA-2019-1248.NASL", "EULEROS_SA-2019-1272.NASL", "EULEROS_SA-2019-1292.NASL", "EULEROS_SA-2019-1322.NASL", "EULEROS_SA-2019-1337.NASL", "EULEROS_SA-2019-1383.NASL", "EULEROS_SA-2019-1388.NASL", "EULEROS_SA-2019-1403.NASL", "EULEROS_SA-2019-1409.NASL", "EULEROS_SA-2019-1412.NASL", "EULEROS_SA-2019-1413.NASL", "EULEROS_SA-2019-1416.NASL", "EULEROS_SA-2019-1417.NASL", "EULEROS_SA-2019-1434.NASL", "EULEROS_SA-2019-1450.NASL", "EULEROS_SA-2019-1501.NASL", "EULEROS_SA-2019-1505.NASL", "EULEROS_SA-2019-1512.NASL", "EULEROS_SA-2019-1515.NASL", "EULEROS_SA-2019-1519.NASL", "EULEROS_SA-2019-1537.NASL", "EULEROS_SA-2019-1538.NASL", "EULEROS_SA-2019-1539.NASL", "EULEROS_SA-2019-1546.NASL", "EULEROS_SA-2019-1547.NASL", "EULEROS_SA-2019-1551.NASL", "EULEROS_SA-2019-1552.NASL", "EULEROS_SA-2019-1555.NASL", "EULEROS_SA-2019-1556.NASL", "EULEROS_SA-2019-1584.NASL", "EULEROS_SA-2019-1676.NASL", "EULEROS_SA-2019-1693.NASL", "EULEROS_SA-2019-1743.NASL", "EULEROS_SA-2019-1745.NASL", "EULEROS_SA-2019-1759.NASL", "EULEROS_SA-2019-1777.NASL", "EULEROS_SA-2019-1844.NASL", "EULEROS_SA-2019-1846.NASL", "EULEROS_SA-2019-1903.NASL", "EULEROS_SA-2019-1938.NASL", "EULEROS_SA-2019-2007.NASL", "EULEROS_SA-2019-2016.NASL", "EULEROS_SA-2019-2030.NASL", "EULEROS_SA-2019-2200.NASL", "EULEROS_SA-2019-2331.NASL", "EULEROS_SA-2019-2332.NASL", "EULEROS_SA-2019-2364.NASL", "EULEROS_SA-2019-2460.NASL", "EULEROS_SA-2019-2468.NASL", "EULEROS_SA-2019-2476.NASL", "EULEROS_SA-2020-1188.NASL", "EULEROS_SA-2020-1394.NASL", "EULEROS_SA-2021-1403.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2566.NASL", "EULEROS_SA-2021-2758.NASL", "EULEROS_SA-2021-2785.NASL", "EULEROS_SA-2022-1434.NASL", "EULEROS_SA-2022-1455.NASL", "EULEROS_SA-2022-1612.NASL", "EULEROS_SA-2022-1635.NASL", "EULEROS_SA-2022-1649.NASL", "EULEROS_SA-2022-1663.NASL", "EULEROS_SA-2022-2032.NASL", "EULEROS_SA-2022-2060.NASL", "F5_BIGIP_SOL02951273.NASL", "F5_BIGIP_SOL07082049.NASL", "F5_BIGIP_SOL14363514.NASL", "F5_BIGIP_SOL17403481.NASL", "F5_BIGIP_SOL44512851.NASL", "F5_BIGIP_SOL44923228.NASL", "F5_BIGIP_SOL55001100.NASL", "F5_BIGIP_SOL74374841.NASL", "F5_BIGIP_SOL93122894.NASL", "F5_BIGIP_SOL96670746.NASL", "FEDORA_2014-9380.NASL", "FEDORA_2015-14237.NASL", "FEDORA_2016-1AAF308DE4.NASL", "FEDORA_2016-21BD6A33AF.NASL", "FEDORA_2016-2802690366.NASL", "FEDORA_2016-527018D2FF.NASL", "FEDORA_2016-7C48036D73.NASL", "FEDORA_2016-C558E58B21.NASL", "FEDORA_2016-D717FDCF74.NASL", "FEDORA_2016-E1234B65A2.NASL", "FEDORA_2016-E6807B3394.NASL", "FEDORA_2017-0D3FDD3D1F.NASL", "FEDORA_2017-15819D2C37.NASL", "FEDORA_2017-20D54B2782.NASL", "FEDORA_2017-2C63DF4FE3.NASL", "FEDORA_2017-3451DBEC48.NASL", "FEDORA_2017-5EBAC1C112.NASL", "FEDORA_2017-71C47E1E82.NASL", "FEDORA_2017-72323A442F.NASL", "FEDORA_2017-769793738F.NASL", "FEDORA_2017-8E9D9771C4.NASL", "FEDORA_2017-92F8958310.NASL", "FEDORA_2017-E5B36383F4.NASL", "FEDORA_2017-E853B4144F.NASL", "FEDORA_2018-043BD3349E.NASL", "FEDORA_2018-04D49A1804.NASL", "FEDORA_2018-04EDED822E.NASL", "FEDORA_2018-11B37D7A68.NASL", "FEDORA_2018-24BD6C9D4A.NASL", "FEDORA_2018-296BF0C332.NASL", "FEDORA_2018-29EBBA0906.NASL", "FEDORA_2018-391A1F3E61.NASL", "FEDORA_2018-3E04E9FE54.NASL", "FEDORA_2018-44F8A7454D.NASL", "FEDORA_2018-527698A904.NASL", "FEDORA_2018-5521156807.NASL", "FEDORA_2018-6367A17AA3.NASL", "FEDORA_2018-71D85BC8CD.NASL", "FEDORA_2018-7243F31304.NASL", "FEDORA_2018-7CD077DDD3.NASL", "FEDORA_2018-7EAE87EC86.NASL", "FEDORA_2018-875AFEBB87.NASL", "FEDORA_2018-8E27AD96ED.NASL", "FEDORA_2018-93C2E74446.NASL", "FEDORA_2018-959AAC67A3.NASL", "FEDORA_2018-98684F429B.NASL", "FEDORA_2018-99FF4C8F80.NASL", "FEDORA_2018-9F02E5ED7B.NASL", "FEDORA_2018-A042F795B2.NASL", "FEDORA_2018-A7AC26523D.NASL", "FEDORA_2018-AA8DE9D66A.NASL", "FEDORA_2018-AEC846C0EF.NASL", "FEDORA_2018-B48E0B8761.NASL", "FEDORA_2018-C3A2174314.NASL", "FEDORA_2018-C402EEA18B.NASL", "FEDORA_2018-DB0D3E157E.NASL", "FEDORA_2018-E6DF7FCF75.NASL", "FEDORA_2018-EC39FE2C9C.NASL", "FEDORA_2018-F29459149A.NASL", "FEDORA_2018-F47268ACD5.NASL", "FEDORA_2018-F97CB1C9B0.NASL", "FEDORA_2018-FC3018B1BD.NASL", "FEDORA_2019-51F1E08207.NASL", "FEDORA_2019-6E1938A3C5.NASL", "FEDORA_2019-CF725DD20B.NASL", "FEDORA_2020-D14280A6E8.NASL", "FEDORA_2021-0A6290F865.NASL", "FEDORA_2021-2B151590D9.NASL", "FREEBSD_PKG_1AAAA5C6804D11EC8BE6D4C9EF517024.NASL", "FREEBSD_PKG_25E0593D13C011E59AFB3C970E169BC2.NASL", "FREEBSD_PKG_3679FD10C5D111E5B85F0018FE623F2B.NASL", "FREEBSD_PKG_3BB451FCDB6411E7AC58B499BAEBFEAF.NASL", "FREEBSD_PKG_3C0237F5420E11E782C514DAE9D210B8.NASL", "FREEBSD_PKG_3F3837CC48FB4414AA465B1C23C9FEAE.NASL", "FREEBSD_PKG_521CE80452FD11E89123A4BADB2F4699.NASL", "FREEBSD_PKG_6D33B3E5EA0311E585BE14DAE9D210B8.NASL", "FREEBSD_PKG_7B1A4A27600A11E6A6C314DAE9D210B8.NASL", "FREEBSD_PKG_7B5A8E3B52CC11E88C7A9C5C8E75236A.NASL", "FREEBSD_PKG_8719B9358BAE41AD92BA3C826F651219.NASL", "FREEBSD_PKG_8C2B2F110EBE11E6B55EB499BAEBFEAF.NASL", "FREEBSD_PKG_9442A811DAB311E7B5AFA4BADB2F4699.NASL", "FREEBSD_PKG_9F7A0F39DDC011E7B5AFA4BADB2F4699.NASL", "FREEBSD_PKG_B7CFF5A931CC11E88F07B499BAEBFEAF.NASL", "FREEBSD_PKG_BEA84A7AE0C911E7B4F311BAA0C2DF21.NASL", "FREEBSD_PKG_D455708AE3D311E69940B499BAEBFEAF.NASL", "FREEBSD_PKG_F40F07AAC00F11E7AC58B499BAEBFEAF.NASL", "GENTOO_GLSA-201601-05.NASL", "GENTOO_GLSA-201603-15.NASL", "GENTOO_GLSA-201607-09.NASL", "GENTOO_GLSA-201702-07.NASL", "GENTOO_GLSA-201706-19.NASL", "GENTOO_GLSA-201712-03.NASL", "GENTOO_GLSA-201802-04.NASL", "GENTOO_GLSA-201803-06.NASL", "GENTOO_GLSA-201804-02.NASL", "GENTOO_GLSA-201806-01.NASL", "GENTOO_GLSA-201810-10.NASL", "GENTOO_GLSA-201908-03.NASL", "GENTOO_GLSA-201908-10.NASL", "GENTOO_GLSA-202210-02.NASL", "HPSMH_7_5_5.NASL", "IBM_HTTP_SERVER_569301.NASL", "IBM_JAVA_2018_01_16.NASL", "IBM_JAVA_2018_04_17.NASL", "IBM_JAVA_2018_07_17.NASL", "IBM_JAVA_2018_08_01.NASL", "IBM_JAVA_2018_10_16.NASL", "JUNIPER_JSA10759.NASL", "JUNIPER_JSA10775.NASL", "JUNIPER_NSM_JSA10851.NASL", "JUNIPER_SPACE_JSA10917_183R1.NASL", "JUNIPER_SPACE_JSA10917_184R1.NASL", "MACOSX_SECUPD2018-003.NASL", "MACOSX_SECUPD_10_13_6_2018-002.NASL", "MACOSX_XCODE_81.NASL", "MACOS_10_13.NASL", "MACOS_10_14.NASL", "MANDRIVA_MDVSA-2014-095.NASL", "MICROSOFT_WINDOWS_SPEC_EXECUTION.NBIN", "MYSQL_5_6_30.NASL", "MYSQL_5_6_30_RPM.NASL", "MYSQL_5_6_36.NASL", "MYSQL_5_6_36_RPM.NASL", "MYSQL_5_6_39.NASL", "MYSQL_5_6_39_RPM.NASL", "MYSQL_5_7_12.NASL", "MYSQL_5_7_12_RPM.NASL", "MYSQL_5_7_18.NASL", "MYSQL_5_7_18_RPM.NASL", "MYSQL_5_7_21.NASL", "MYSQL_5_7_21_RPM.NASL", "MYSQL_ENTERPRISE_MONITOR_3_3_3_1199.NASL", "MYSQL_ENTERPRISE_MONITOR_4_0_2_5168.NASL", "MYSQL_ENTERPRISE_MONITOR_4_0_4_5233.NASL", "NEWSTART_CGSL_NS-SA-2019-0012_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0014_SYSTEMD.NASL", "NEWSTART_CGSL_NS-SA-2019-0016_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0024_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2019-0025_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0025_KRB5.NASL", "NEWSTART_CGSL_NS-SA-2019-0027_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0028_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0029_NTP.NASL", "NEWSTART_CGSL_NS-SA-2019-0032_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2019-0035_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0040_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0044_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0049_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0049_NETWORKMANAGER.NASL", "NEWSTART_CGSL_NS-SA-2019-0051_SYSTEMD.NASL", "NEWSTART_CGSL_NS-SA-2019-0061_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2019-0065_WGET.NASL", "NEWSTART_CGSL_NS-SA-2019-0067_KRB5.NASL", "NEWSTART_CGSL_NS-SA-2019-0068_GNUTLS.NASL", "NEWSTART_CGSL_NS-SA-2019-0069_JASPER.NASL", "NEWSTART_CGSL_NS-SA-2019-0070_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0074_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0075_SETUP.NASL", "NEWSTART_CGSL_NS-SA-2019-0124_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0126_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0127_NTP.NASL", "NEWSTART_CGSL_NS-SA-2019-0131_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0132_LIBVIRT.NASL", "NEWSTART_CGSL_NS-SA-2019-0133_QEMU-KVM.NASL", "NEWSTART_CGSL_NS-SA-2019-0137_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0142_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2019-0142_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0143_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0146_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2020-0028_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2021-0053_GLIBC.NASL", "NTP_4_2_8P10.NASL", "OPENSSL_1_0_1S.NASL", "OPENSSL_1_0_2F.NASL", "OPENSSL_1_0_2G.NASL", "OPENSSL_1_0_2K.NASL", "OPENSSL_1_0_2M.NASL", "OPENSSL_1_0_2N.NASL", "OPENSSL_1_0_2ZC_DEV.NASL", "OPENSSL_1_1_0D.NASL", "OPENSSL_1_1_0G.NASL", "OPENSSL_1_1_0H.NASL", "OPENSSL_1_1_1M.NASL", "OPENSUSE-2016-288.NASL", "OPENSUSE-2016-289.NASL", "OPENSUSE-2016-292.NASL", "OPENSUSE-2016-607.NASL", "OPENSUSE-2016-715.NASL", "OPENSUSE-2017-1324.NASL", "OPENSUSE-2017-1381.NASL", "OPENSUSE-2017-1390.NASL", "OPENSUSE-2017-1391.NASL", "OPENSUSE-2017-256.NASL", "OPENSUSE-2017-284.NASL", "OPENSUSE-2017-442.NASL", "OPENSUSE-2017-511.NASL", "OPENSUSE-2017-844.NASL", "OPENSUSE-2017-866.NASL", "OPENSUSE-2018-1001.NASL", "OPENSUSE-2018-1049.NASL", "OPENSUSE-2018-1092.NASL", "OPENSUSE-2018-1138.NASL", "OPENSUSE-2018-1143.NASL", "OPENSUSE-2018-116.NASL", "OPENSUSE-2018-117.NASL", "OPENSUSE-2018-1205.NASL", "OPENSUSE-2018-1363.NASL", "OPENSUSE-2018-1364.NASL", "OPENSUSE-2018-1382.NASL", "OPENSUSE-2018-1423.NASL", "OPENSUSE-2018-153.NASL", "OPENSUSE-2018-168.NASL", "OPENSUSE-2018-184.NASL", "OPENSUSE-2018-254.NASL", "OPENSUSE-2018-256.NASL", "OPENSUSE-2018-292.NASL", "OPENSUSE-2018-30.NASL", "OPENSUSE-2018-328.NASL", "OPENSUSE-2018-377.NASL", "OPENSUSE-2018-389.NASL", "OPENSUSE-2018-454.NASL", "OPENSUSE-2018-488.NASL", "OPENSUSE-2018-489.NASL", "OPENSUSE-2018-5.NASL", "OPENSUSE-2018-514.NASL", "OPENSUSE-2018-515.NASL", "OPENSUSE-2018-547.NASL", "OPENSUSE-2018-599.NASL", "OPENSUSE-2018-602.NASL", "OPENSUSE-2018-603.NASL", "OPENSUSE-2018-656.NASL", "OPENSUSE-2018-700.NASL", "OPENSUSE-2018-810.NASL", "OPENSUSE-2018-830.NASL", "OPENSUSE-2018-860.NASL", "OPENSUSE-2018-885.NASL", "OPENSUSE-2018-886.NASL", "OPENSUSE-2018-887.NASL", "OPENSUSE-2018-894.NASL", "OPENSUSE-2018-90.NASL", "OPENSUSE-2019-1315.NASL", "OPENSUSE-2019-139.NASL", "OPENSUSE-2019-1438.NASL", "OPENSUSE-2019-1439.NASL", "OPENSUSE-2019-1530.NASL", "OPENSUSE-2019-274.NASL", "OPENSUSE-2019-398.NASL", "OPENSUSE-2019-418.NASL", "OPENSUSE-2019-424.NASL", "OPENSUSE-2019-426.NASL", "OPENSUSE-2019-43.NASL", "OPENSUSE-2019-510.NASL", "OPENSUSE-2019-570.NASL", "OPENSUSE-2019-575.NASL", "OPENSUSE-2019-618.NASL", "OPENSUSE-2019-620.NASL", "OPENSUSE-2019-622.NASL", "OPENSUSE-2019-746.NASL", "OPENSUSE-2019-774.NASL", "OPENSUSE-2019-818.NASL", "OPENSUSE-2019-909.NASL", "OPENSUSE-2020-1325.NASL", "OPENSUSE-2020-801.NASL", "OPENSUSE-2020-86.NASL", "ORACLELINUX_ELSA-2014-0474.NASL", "ORACLELINUX_ELSA-2016-0301.NASL", "ORACLELINUX_ELSA-2016-0492.NASL", "ORACLELINUX_ELSA-2016-2046.NASL", "ORACLELINUX_ELSA-2017-3071.NASL", "ORACLELINUX_ELSA-2018-0095.NASL", "ORACLELINUX_ELSA-2018-0260.NASL", "ORACLELINUX_ELSA-2018-0349.NASL", "ORACLELINUX_ELSA-2018-0666.NASL", "ORACLELINUX_ELSA-2018-0805.NASL", "ORACLELINUX_ELSA-2018-0855.NASL", "ORACLELINUX_ELSA-2018-0998.NASL", "ORACLELINUX_ELSA-2018-1062.NASL", "ORACLELINUX_ELSA-2018-1318.NASL", "ORACLELINUX_ELSA-2018-1319.NASL", "ORACLELINUX_ELSA-2018-1629.NASL", "ORACLELINUX_ELSA-2018-1632.NASL", "ORACLELINUX_ELSA-2018-1633.NASL", "ORACLELINUX_ELSA-2018-1647.NASL", "ORACLELINUX_ELSA-2018-1648.NASL", "ORACLELINUX_ELSA-2018-1649.NASL", "ORACLELINUX_ELSA-2018-1650.NASL", "ORACLELINUX_ELSA-2018-1651.NASL", "ORACLELINUX_ELSA-2018-1660.NASL", "ORACLELINUX_ELSA-2018-1669.NASL", "ORACLELINUX_ELSA-2018-1854.NASL", "ORACLELINUX_ELSA-2018-1879.NASL", "ORACLELINUX_ELSA-2018-1965.NASL", "ORACLELINUX_ELSA-2018-1997.NASL", "ORACLELINUX_ELSA-2018-2001.NASL", "ORACLELINUX_ELSA-2018-2162.NASL", "ORACLELINUX_ELSA-2018-2164.NASL", "ORACLELINUX_ELSA-2018-2846.NASL", "ORACLELINUX_ELSA-2018-2942.NASL", "ORACLELINUX_ELSA-2018-2943.NASL", "ORACLELINUX_ELSA-2018-3041.NASL", "ORACLELINUX_ELSA-2018-3050.NASL", "ORACLELINUX_ELSA-2018-3052.NASL", "ORACLELINUX_ELSA-2018-3071.NASL", "ORACLELINUX_ELSA-2018-3083.NASL", "ORACLELINUX_ELSA-2018-3249.NASL", "ORACLELINUX_ELSA-2018-3253.NASL", "ORACLELINUX_ELSA-2018-3350.NASL", "ORACLELINUX_ELSA-2018-3409.NASL", "ORACLELINUX_ELSA-2018-3521.NASL", "ORACLELINUX_ELSA-2018-3665.NASL", "ORACLELINUX_ELSA-2018-4017.NASL", "ORACLELINUX_ELSA-2018-4071.NASL", "ORACLELINUX_ELSA-2018-4096.NASL", "ORACLELINUX_ELSA-2018-4097.NASL", "ORACLELINUX_ELSA-2018-4098.NASL", "ORACLELINUX_ELSA-2018-4108.NASL", "ORACLELINUX_ELSA-2018-4109.NASL", "ORACLELINUX_ELSA-2018-4110.NASL", "ORACLELINUX_ELSA-2018-4114.NASL", "ORACLELINUX_ELSA-2018-4126.NASL", "ORACLELINUX_ELSA-2018-4131.NASL", "ORACLELINUX_ELSA-2018-4134.NASL", "ORACLELINUX_ELSA-2018-4145.NASL", "ORACLELINUX_ELSA-2018-4161.NASL", "ORACLELINUX_ELSA-2018-4164.NASL", "ORACLELINUX_ELSA-2018-4195.NASL", "ORACLELINUX_ELSA-2018-4196.NASL", "ORACLELINUX_ELSA-2018-4268.NASL", "ORACLELINUX_ELSA-2019-0049.NASL", "ORACLELINUX_ELSA-2019-4316.NASL", "ORACLELINUX_ELSA-2019-4531.NASL", "ORACLEVM_OVMSA-2016-0031.NASL", "ORACLEVM_OVMSA-2016-0049.NASL", "ORACLEVM_OVMSA-2017-0165.NASL", "ORACLEVM_OVMSA-2018-0012.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "ORACLEVM_OVMSA-2018-0035.NASL", "ORACLEVM_OVMSA-2018-0040.NASL", "ORACLEVM_OVMSA-2018-0041.NASL", "ORACLEVM_OVMSA-2018-0218.NASL", "ORACLEVM_OVMSA-2018-0219.NASL", "ORACLEVM_OVMSA-2018-0221.NASL", "ORACLEVM_OVMSA-2018-0223.NASL", "ORACLEVM_OVMSA-2018-0228.NASL", "ORACLEVM_OVMSA-2018-0231.NASL", "ORACLEVM_OVMSA-2018-0232.NASL", "ORACLEVM_OVMSA-2018-0233.NASL", "ORACLEVM_OVMSA-2018-0235.NASL", "ORACLEVM_OVMSA-2018-0236.NASL", "ORACLEVM_OVMSA-2018-0237.NASL", "ORACLEVM_OVMSA-2018-0238.NASL", "ORACLEVM_OVMSA-2018-0248.NASL", "ORACLEVM_OVMSA-2018-0271.NASL", "ORACLEVM_OVMSA-2018-0272.NASL", "ORACLEVM_OVMSA-2018-0282.NASL", "ORACLEVM_OVMSA-2018-0290.NASL", "ORACLEVM_OVMSA-2019-0007.NASL", "ORACLEVM_OVMSA-2020-0039.NASL", "ORACLE_ACCESS_MANAGER_CPU_JAN_2018.NASL", "ORACLE_E-BUSINESS_CPU_JAN_2018.NASL", "ORACLE_EDQ_OCT_2014_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_APR_2018_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_APR_2019_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "ORACLE_IDENTITY_MANAGEMENT_CPU_OCT_2014.NASL", "ORACLE_JAVA_CPU_APR_2018.NASL", "ORACLE_JAVA_CPU_APR_2018_UNIX.NASL", "ORACLE_JAVA_CPU_JAN_2018.NASL", "ORACLE_JAVA_CPU_JAN_2018_UNIX.NASL", "ORACLE_JAVA_CPU_JUL_2018.NASL", "ORACLE_JAVA_CPU_JUL_2018_UNIX.NASL", "ORACLE_JAVA_CPU_OCT_2018.NASL", "ORACLE_JAVA_CPU_OCT_2018_UNIX.NASL", "ORACLE_JROCKIT_CPU_APR_2018.NASL", "ORACLE_JROCKIT_CPU_JUL_2018.NASL", "ORACLE_JROCKIT_CPU_OCT_2018.NASL", "ORACLE_MYSQL_CONNECTORS_CPU_JAN_2018.NASL", "ORACLE_OAAM_CPU_OCT_2014.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_APR_2021.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2017_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2018_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2018_CPU.NASL", "ORACLE_TUXEDO_CPU_APR_2018.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_JAN_2018.NBIN", "ORACLE_WEBLOGIC_SERVER_CPU_APR_2017.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_OCT_2014.NBIN", "OT_500248.NASL", "PALO_ALTO_PAN-SA-2018-0012.NASL", "PFSENSE_SA-16_02.NASL", "PFSENSE_SA-17_04.NASL", "PFSENSE_SA-17_07.NASL", "PFSENSE_SA-17_11.NASL", "PFSENSE_SA-18_05.NASL", "PHOTONOS_PHSA-2017-0010.NASL", "PHOTONOS_PHSA-2017-0010_NTP.NASL", "PHOTONOS_PHSA-2017-0041.NASL", "PHOTONOS_PHSA-2017-0041_GLIBC.NASL", "PHOTONOS_PHSA-2017-0042.NASL", "PHOTONOS_PHSA-2017-0042_OPENSSL.NASL", "PHOTONOS_PHSA-2017-0048.NASL", "PHOTONOS_PHSA-2017-1_0-0093.NASL", "PHOTONOS_PHSA-2017-1_0-0093_LINUX.NASL", "PHOTONOS_PHSA-2017-1_0-0095.NASL", "PHOTONOS_PHSA-2017-1_0-0095_LINUX.NASL", "PHOTONOS_PHSA-2017-2_0-0008.NASL", "PHOTONOS_PHSA-2017-2_0-0008_LINUX.NASL", "PHOTONOS_PHSA-2018-1_0-0097-A.NASL", "PHOTONOS_PHSA-2018-1_0-0097-A_OPENSSL.NASL", "PHOTONOS_PHSA-2018-1_0-0101.NASL", "PHOTONOS_PHSA-2018-1_0-0101_OPENJDK.NASL", "PHOTONOS_PHSA-2018-1_0-0130.NASL", "PHOTONOS_PHSA-2018-1_0-0130_OPENJDK.NASL", "PHOTONOS_PHSA-2018-1_0-0132-A.NASL", "PHOTONOS_PHSA-2018-1_0-0132-A_LINUX.NASL", "PHOTONOS_PHSA-2018-1_0-0151.NASL", "PHOTONOS_PHSA-2018-1_0-0151_LINUX.NASL", "PHOTONOS_PHSA-2018-1_0-0167.NASL", "PHOTONOS_PHSA-2018-1_0-0167_OPENJDK.NASL", "PHOTONOS_PHSA-2018-1_0-0167_SYSTEMD.NASL", "PHOTONOS_PHSA-2018-1_0-0177.NASL", "PHOTONOS_PHSA-2018-1_0-0177_KRB5.NASL", "PHOTONOS_PHSA-2018-1_0-0178.NASL", "PHOTONOS_PHSA-2018-1_0-0178_PYTHON2.NASL", "PHOTONOS_PHSA-2018-1_0-0178_PYTHON3.NASL", "PHOTONOS_PHSA-2018-1_0-0192.NASL", "PHOTONOS_PHSA-2018-1_0-0192_OPENJDK.NASL", "PHOTONOS_PHSA-2018-1_0-0193_SYSTEMD.NASL", "PHOTONOS_PHSA-2018-2_0-0010-A.NASL", "PHOTONOS_PHSA-2018-2_0-0010-A_OPENSSL.NASL", "PHOTONOS_PHSA-2018-2_0-0013.NASL", "PHOTONOS_PHSA-2018-2_0-0013_OPENJDK8.NASL", "PHOTONOS_PHSA-2018-2_0-0037-A.NASL", "PHOTONOS_PHSA-2018-2_0-0037-A_LINUX.NASL", "PHOTONOS_PHSA-2018-2_0-0049.NASL", "PHOTONOS_PHSA-2018-2_0-0049_LINUX.NASL", "PHOTONOS_PHSA-2018-2_0-0076.NASL", "PHOTONOS_PHSA-2018-2_0-0076_SYSTEMD.NASL", "PHOTONOS_PHSA-2018-2_0-0077.NASL", "PHOTONOS_PHSA-2018-2_0-0077_OPENJDK8.NASL", "PHOTONOS_PHSA-2018-2_0-0086.NASL", "PHOTONOS_PHSA-2018-2_0-0086_PYTHON2.NASL", "PHOTONOS_PHSA-2018-2_0-0086_STRONGSWAN.NASL", "PHOTONOS_PHSA-2018-2_0-0087.NASL", "PHOTONOS_PHSA-2018-2_0-0087_KRB5.NASL", "PHOTONOS_PHSA-2018-2_0-0106_OPENJDK8.NASL", "PHOTONOS_PHSA-2018-2_0-0107_SYSTEMD.NASL", "PHOTONOS_PHSA-2018-2_0-0109_LINUX.NASL", "PHOTONOS_PHSA-2019-1_0-0239_KRB5.NASL", "PHOTONOS_PHSA-2019-2_0-0164_KRB5.NASL", "PHOTONOS_PHSA-2019-3_0-0020_KRB5.NASL", "PHOTONOS_PHSA-2020-1_0-0290_OPENJDK11.NASL", "PHOTONOS_PHSA-2020-3_0-0084_OPENJDK11.NASL", "RANCHEROS_1_4_0.NASL", "RANCHEROS_1_4_1.NASL", "REDHAT-RHSA-2014-0474.NASL", "REDHAT-RHSA-2014-0500.NASL", "REDHAT-RHSA-2015-1622.NASL", "REDHAT-RHSA-2016-0301.NASL", "REDHAT-RHSA-2016-0379.NASL", "REDHAT-RHSA-2016-0492.NASL", "REDHAT-RHSA-2016-2046.NASL", "REDHAT-RHSA-2017-3071.NASL", "REDHAT-RHSA-2018-0095.NASL", "REDHAT-RHSA-2018-0099.NASL", "REDHAT-RHSA-2018-0100.NASL", "REDHAT-RHSA-2018-0115.NASL", "REDHAT-RHSA-2018-0260.NASL", "REDHAT-RHSA-2018-0349.NASL", "REDHAT-RHSA-2018-0351.NASL", "REDHAT-RHSA-2018-0352.NASL", "REDHAT-RHSA-2018-0458.NASL", "REDHAT-RHSA-2018-0521.NASL", "REDHAT-RHSA-2018-0654.NASL", "REDHAT-RHSA-2018-0666.NASL", "REDHAT-RHSA-2018-0676.NASL", "REDHAT-RHSA-2018-0805.NASL", "REDHAT-RHSA-2018-0855.NASL", "REDHAT-RHSA-2018-0998.NASL", "REDHAT-RHSA-2018-1062.NASL", "REDHAT-RHSA-2018-1130.NASL", "REDHAT-RHSA-2018-1170.NASL", "REDHAT-RHSA-2018-1203.NASL", "REDHAT-RHSA-2018-1205.NASL", "REDHAT-RHSA-2018-1318.NASL", "REDHAT-RHSA-2018-1319.NASL", "REDHAT-RHSA-2018-1345.NASL", "REDHAT-RHSA-2018-1346.NASL", "REDHAT-RHSA-2018-1347.NASL", "REDHAT-RHSA-2018-1348.NASL", "REDHAT-RHSA-2018-1349.NASL", "REDHAT-RHSA-2018-1350.NASL", "REDHAT-RHSA-2018-1351.NASL", "REDHAT-RHSA-2018-1354.NASL", "REDHAT-RHSA-2018-1355.NASL", "REDHAT-RHSA-2018-1374.NASL", "REDHAT-RHSA-2018-1463.NASL", "REDHAT-RHSA-2018-1524.NASL", "REDHAT-RHSA-2018-1629.NASL", "REDHAT-RHSA-2018-1630.NASL", "REDHAT-RHSA-2018-1632.NASL", "REDHAT-RHSA-2018-1633.NASL", "REDHAT-RHSA-2018-1635.NASL", "REDHAT-RHSA-2018-1636.NASL", "REDHAT-RHSA-2018-1637.NASL", "REDHAT-RHSA-2018-1638.NASL", "REDHAT-RHSA-2018-1639.NASL", "REDHAT-RHSA-2018-1640.NASL", "REDHAT-RHSA-2018-1641.NASL", "REDHAT-RHSA-2018-1642.NASL", "REDHAT-RHSA-2018-1647.NASL", "REDHAT-RHSA-2018-1648.NASL", "REDHAT-RHSA-2018-1649.NASL", "REDHAT-RHSA-2018-1650.NASL", "REDHAT-RHSA-2018-1651.NASL", "REDHAT-RHSA-2018-1652.NASL", "REDHAT-RHSA-2018-1653.NASL", "REDHAT-RHSA-2018-1654.NASL", "REDHAT-RHSA-2018-1655.NASL", "REDHAT-RHSA-2018-1656.NASL", "REDHAT-RHSA-2018-1657.NASL", "REDHAT-RHSA-2018-1658.NASL", "REDHAT-RHSA-2018-1659.NASL", "REDHAT-RHSA-2018-1660.NASL", "REDHAT-RHSA-2018-1661.NASL", "REDHAT-RHSA-2018-1662.NASL", "REDHAT-RHSA-2018-1663.NASL", "REDHAT-RHSA-2018-1664.NASL", "REDHAT-RHSA-2018-1665.NASL", "REDHAT-RHSA-2018-1666.NASL", "REDHAT-RHSA-2018-1667.NASL", "REDHAT-RHSA-2018-1668.NASL", "REDHAT-RHSA-2018-1669.NASL", "REDHAT-RHSA-2018-1674.NASL", "REDHAT-RHSA-2018-1675.NASL", "REDHAT-RHSA-2018-1676.NASL", "REDHAT-RHSA-2018-1688.NASL", "REDHAT-RHSA-2018-1689.NASL", "REDHAT-RHSA-2018-1690.NASL", "REDHAT-RHSA-2018-1696.NASL", "REDHAT-RHSA-2018-1710.NASL", "REDHAT-RHSA-2018-1711.NASL", "REDHAT-RHSA-2018-1721.NASL", "REDHAT-RHSA-2018-1722.NASL", "REDHAT-RHSA-2018-1723.NASL", "REDHAT-RHSA-2018-1724.NASL", "REDHAT-RHSA-2018-1737.NASL", "REDHAT-RHSA-2018-1738.NASL", "REDHAT-RHSA-2018-1812.NASL", "REDHAT-RHSA-2018-1826.NASL", "REDHAT-RHSA-2018-1854.NASL", "REDHAT-RHSA-2018-1879.NASL", "REDHAT-RHSA-2018-1965.NASL", "REDHAT-RHSA-2018-1967.NASL", "REDHAT-RHSA-2018-1974.NASL", "REDHAT-RHSA-2018-1975.NASL", "REDHAT-RHSA-2018-1997.NASL", "REDHAT-RHSA-2018-2001.NASL", "REDHAT-RHSA-2018-2003.NASL", "REDHAT-RHSA-2018-2006.NASL", "REDHAT-RHSA-2018-2060.NASL", "REDHAT-RHSA-2018-2161.NASL", "REDHAT-RHSA-2018-2162.NASL", "REDHAT-RHSA-2018-2164.NASL", "REDHAT-RHSA-2018-2185.NASL", "REDHAT-RHSA-2018-2186.NASL", "REDHAT-RHSA-2018-2216.NASL", "REDHAT-RHSA-2018-2246.NASL", "REDHAT-RHSA-2018-2250.NASL", "REDHAT-RHSA-2018-2253.NASL", "REDHAT-RHSA-2018-2254.NASL", "REDHAT-RHSA-2018-2255.NASL", "REDHAT-RHSA-2018-2256.NASL", "REDHAT-RHSA-2018-2309.NASL", "REDHAT-RHSA-2018-2328.NASL", "REDHAT-RHSA-2018-2387.NASL", "REDHAT-RHSA-2018-2394.NASL", "REDHAT-RHSA-2018-2396.NASL", "REDHAT-RHSA-2018-2568.NASL", "REDHAT-RHSA-2018-2569.NASL", "REDHAT-RHSA-2018-2575.NASL", "REDHAT-RHSA-2018-2576.NASL", "REDHAT-RHSA-2018-2712.NASL", "REDHAT-RHSA-2018-2713.NASL", "REDHAT-RHSA-2018-2785.NASL", "REDHAT-RHSA-2018-2791.NASL", "REDHAT-RHSA-2018-2846.NASL", "REDHAT-RHSA-2018-2924.NASL", "REDHAT-RHSA-2018-2925.NASL", "REDHAT-RHSA-2018-2933.NASL", "REDHAT-RHSA-2018-2942.NASL", "REDHAT-RHSA-2018-2943.NASL", "REDHAT-RHSA-2018-2948.NASL", "REDHAT-RHSA-2018-3000.NASL", "REDHAT-RHSA-2018-3001.NASL", "REDHAT-RHSA-2018-3002.NASL", "REDHAT-RHSA-2018-3003.NASL", "REDHAT-RHSA-2018-3007.NASL", "REDHAT-RHSA-2018-3008.NASL", "REDHAT-RHSA-2018-3041.NASL", "REDHAT-RHSA-2018-3050.NASL", "REDHAT-RHSA-2018-3052.NASL", "REDHAT-RHSA-2018-3071.NASL", "REDHAT-RHSA-2018-3083.NASL", "REDHAT-RHSA-2018-3096.NASL", "REDHAT-RHSA-2018-3249.NASL", "REDHAT-RHSA-2018-3253.NASL", "REDHAT-RHSA-2018-3350.NASL", "REDHAT-RHSA-2018-3396.NASL", "REDHAT-RHSA-2018-3397.NASL", "REDHAT-RHSA-2018-3398.NASL", "REDHAT-RHSA-2018-3399.NASL", "REDHAT-RHSA-2018-3400.NASL", "REDHAT-RHSA-2018-3401.NASL", "REDHAT-RHSA-2018-3402.NASL", "REDHAT-RHSA-2018-3407.NASL", "REDHAT-RHSA-2018-3409.NASL", "REDHAT-RHSA-2018-3423.NASL", "REDHAT-RHSA-2018-3424.NASL", "REDHAT-RHSA-2018-3425.NASL", "REDHAT-RHSA-2018-3459.NASL", "REDHAT-RHSA-2018-3521.NASL", "REDHAT-RHSA-2018-3533.NASL", "REDHAT-RHSA-2018-3534.NASL", "REDHAT-RHSA-2018-3540.NASL", "REDHAT-RHSA-2018-3586.NASL", "REDHAT-RHSA-2018-3590.NASL", "REDHAT-RHSA-2018-3665.NASL", "REDHAT-RHSA-2018-3671.NASL", "REDHAT-RHSA-2018-3672.NASL", "REDHAT-RHSA-2018-3779.NASL", "REDHAT-RHSA-2018-3852.NASL", "REDHAT-RHSA-2019-0049.NASL", "REDHAT-RHSA-2019-1046.NASL", "REDHAT-RHSA-2019-1170.NASL", "REDHAT-RHSA-2019-1190.NASL", "REDHAT-RHSA-2019-4159.NASL", "REDHAT-RHSA-2020-1268.NASL", "REDHAT-RHSA-2020-1346.NASL", "SECURITYCENTER_5_4_3_TNS_2017_04.NASL", "SECURITYCENTER_OPENSSL_1_0_2K.NASL", "SECURITYCENTER_OPENSSL_1_0_2M.NASL", "SECURITYCENTER_OPENSSL_1_0_2N.NASL", "SLACKWARE_SSA_2016-062-02.NASL", "SLACKWARE_SSA_2017-041-02.NASL", "SLACKWARE_SSA_2017-112-02.NASL", "SLACKWARE_SSA_2017-306-02.NASL", "SLACKWARE_SSA_2017-342-01.NASL", "SLACKWARE_SSA_2018-124-01.NASL", "SLACKWARE_SSA_2018-129-02.NASL", "SLACKWARE_SSA_2018-208-01.NASL", "SLACKWARE_SSA_2019-169-01.NASL", "SL_20140507_STRUTS_ON_SL5_X.NASL", "SL_20160301_OPENSSL_ON_SL6_X.NASL", "SL_20160323_TOMCAT6_ON_SL6_X.NASL", "SL_20161010_TOMCAT_ON_SL7_X.NASL", "SL_20171026_NTP_ON_SL6_X.NASL", "SL_20180117_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20180131_SYSTEMD_ON_SL7_X.NASL", "SL_20180226_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20180410_GLIBC_ON_SL7_X.NASL", "SL_20180410_KERNEL_ON_SL7_X.NASL", "SL_20180410_KRB5_ON_SL7_X.NASL", "SL_20180410_NTP_ON_SL7_X.NASL", "SL_20180410_OPENSSL_ON_SL7_X.NASL", "SL_20180508_KERNEL_ON_SL6_X.NASL", "SL_20180508_KERNEL_ON_SL7_X.NASL", "SL_20180521_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20180521_QEMU_KVM_ON_SL6_X.NASL", "SL_20180522_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL", "SL_20180522_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20180522_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20180522_KERNEL_ON_SL6_X.NASL", "SL_20180522_KERNEL_ON_SL7_X.NASL", "SL_20180522_LIBVIRT_ON_SL6_X.NASL", "SL_20180522_LIBVIRT_ON_SL7_X.NASL", "SL_20180522_QEMU_KVM_ON_SL7_X.NASL", "SL_20180619_GLIBC_ON_SL6_X.NASL", "SL_20180619_KERNEL_ON_SL6_X.NASL", "SL_20180626_KERNEL_ON_SL7_X.NASL", "SL_20180626_LIBVIRT_ON_SL7_X.NASL", "SL_20180626_QEMU_KVM_ON_SL7_X.NASL", "SL_20180710_KERNEL_ON_SL6_X.NASL", "SL_20180710_QEMU_KVM_ON_SL6_X.NASL", "SL_20181009_KERNEL_ON_SL6_X.NASL", "SL_20181018_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20181018_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20181030_GNUTLS_ON_SL7_X.NASL", "SL_20181030_JASPER_ON_SL7_X.NASL", "SL_20181030_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL", "SL_20181030_KERNEL_ON_SL7_X.NASL", "SL_20181030_KRB5_ON_SL7_X.NASL", "SL_20181030_PYTHON_ON_SL7_X.NASL", "SL_20181030_SETUP_ON_SL7_X.NASL", "SL_20181030_WGET_ON_SL7_X.NASL", "SL_20181031_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20181107_JAVA_11_OPENJDK_ON_SL7_X.NASL", "SL_20181127_NETWORKMANAGER_ON_SL7_X.NASL", "SL_20190114_SYSTEMD_ON_SL7_X.NASL", "SMB_NT_MS18_AUG_MICROCODE.NASL", "SMB_NT_MS18_MAY_4103716.NASL", "SMB_NT_MS18_MAY_4103718.NASL", "SMB_NT_MS18_MAY_4103721.NASL", "SMB_NT_MS18_MAY_4103723.NASL", "SMB_NT_MS18_MAY_4103725.NASL", "SMB_NT_MS18_MAY_4103727.NASL", "SMB_NT_MS18_MAY_4103730.NASL", "SMB_NT_MS18_MAY_4103731.NASL", "SMB_NT_MS18_MAY_WIN2008.NASL", "SMB_NT_MS19_FEB_OOB_MICROCODE.NASL", "SMB_NT_MS19_JAN_4480963.NASL", "SMB_NT_MS19_JAN_4480970.NASL", "SMB_NT_MS19_MAR_OOB_MICROCODE.NASL", "SOLARIS_JAN2019_SRU11_4_3_5_0.NASL", "SPLUNK_6334.NASL", "STRUTS_CLASSLOADER_MANIPULATION.NASL", "SUN_JAVA_WEB_SERVER_7_0_27.NASL", "SUSE_SU-2016-0617-1.NASL", "SUSE_SU-2016-0620-1.NASL", "SUSE_SU-2016-0624-1.NASL", "SUSE_SU-2016-0631-1.NASL", "SUSE_SU-2017-0431-1.NASL", "SUSE_SU-2017-0441-1.NASL", "SUSE_SU-2017-0855-1.NASL", "SUSE_SU-2017-1047-1.NASL", "SUSE_SU-2017-1048-1.NASL", "SUSE_SU-2017-1052-1.NASL", "SUSE_SU-2017-1901-1.NASL", "SUSE_SU-2017-1916-1.NASL", "SUSE_SU-2017-3169-1.NASL", "SUSE_SU-2017-3210-1.NASL", "SUSE_SU-2017-3225-1.NASL", "SUSE_SU-2017-3226-1.NASL", "SUSE_SU-2017-3249-1.NASL", "SUSE_SU-2017-3287-1.NASL", "SUSE_SU-2017-3289-1.NASL", "SUSE_SU-2017-3293-1.NASL", "SUSE_SU-2017-3299-1.NASL", "SUSE_SU-2017-3301-1.NASL", "SUSE_SU-2017-3302-1.NASL", "SUSE_SU-2017-3303-1.NASL", "SUSE_SU-2017-3304-1.NASL", "SUSE_SU-2017-3305-1.NASL", "SUSE_SU-2017-3307-1.NASL", "SUSE_SU-2017-3308-1.NASL", "SUSE_SU-2017-3309-1.NASL", "SUSE_SU-2017-3312-1.NASL", "SUSE_SU-2017-3313-1.NASL", "SUSE_SU-2017-3316-1.NASL", "SUSE_SU-2017-3318-1.NASL", "SUSE_SU-2017-3320-1.NASL", "SUSE_SU-2017-3321-1.NASL", "SUSE_SU-2017-3322-1.NASL", "SUSE_SU-2017-3323-1.NASL", "SUSE_SU-2017-3332-1.NASL", "SUSE_SU-2017-3336-1.NASL", "SUSE_SU-2017-3337-1.NASL", "SUSE_SU-2017-3338-1.NASL", "SUSE_SU-2017-3340-1.NASL", "SUSE_SU-2017-3343-1.NASL", "SUSE_SU-2018-0002-1.NASL", "SUSE_SU-2018-0011-1.NASL", "SUSE_SU-2018-0040-1.NASL", "SUSE_SU-2018-0053-1.NASL", "SUSE_SU-2018-0074-1.NASL", "SUSE_SU-2018-0237-1.NASL", "SUSE_SU-2018-0238-1.NASL", "SUSE_SU-2018-0239-1.NASL", "SUSE_SU-2018-0240-1.NASL", "SUSE_SU-2018-0241-1.NASL", "SUSE_SU-2018-0242-1.NASL", "SUSE_SU-2018-0244-1.NASL", "SUSE_SU-2018-0245-1.NASL", "SUSE_SU-2018-0249-1.NASL", "SUSE_SU-2018-0250-1.NASL", "SUSE_SU-2018-0251-1.NASL", "SUSE_SU-2018-0252-1.NASL", "SUSE_SU-2018-0253-1.NASL", "SUSE_SU-2018-0265-1.NASL", "SUSE_SU-2018-0266-1.NASL", "SUSE_SU-2018-0268-1.NASL", "SUSE_SU-2018-0270-1.NASL", "SUSE_SU-2018-0271-1.NASL", "SUSE_SU-2018-0274-1.NASL", "SUSE_SU-2018-0275-1.NASL", "SUSE_SU-2018-0276-1.NASL", "SUSE_SU-2018-0293-1.NASL", "SUSE_SU-2018-0299-1.NASL", "SUSE_SU-2018-0339-1.NASL", "SUSE_SU-2018-0383-1.NASL", "SUSE_SU-2018-0416-1.NASL", "SUSE_SU-2018-0451-1.NASL", "SUSE_SU-2018-0555-1.NASL", "SUSE_SU-2018-0565-1.NASL", "SUSE_SU-2018-0630-1.NASL", "SUSE_SU-2018-0645-1.NASL", "SUSE_SU-2018-0660-1.NASL", "SUSE_SU-2018-0661-1.NASL", "SUSE_SU-2018-0663-1.NASL", "SUSE_SU-2018-0665-1.NASL", "SUSE_SU-2018-0694-1.NASL", "SUSE_SU-2018-0743-1.NASL", "SUSE_SU-2018-0785-1.NASL", "SUSE_SU-2018-0786-1.NASL", "SUSE_SU-2018-0834-1.NASL", "SUSE_SU-2018-0846-1.NASL", "SUSE_SU-2018-0848-1.NASL", "SUSE_SU-2018-0859-1.NASL", "SUSE_SU-2018-0988-1.NASL", "SUSE_SU-2018-0989-1.NASL", "SUSE_SU-2018-0990-1.NASL", "SUSE_SU-2018-0992-1.NASL", "SUSE_SU-2018-0993-1.NASL", "SUSE_SU-2018-0994-1.NASL", "SUSE_SU-2018-0995-1.NASL", "SUSE_SU-2018-0996-1.NASL", "SUSE_SU-2018-0999-1.NASL", "SUSE_SU-2018-1000-1.NASL", "SUSE_SU-2018-1001-1.NASL", "SUSE_SU-2018-1003-1.NASL", "SUSE_SU-2018-1004-1.NASL", "SUSE_SU-2018-1005-1.NASL", "SUSE_SU-2018-1006-1.NASL", "SUSE_SU-2018-1007-1.NASL", "SUSE_SU-2018-1008-1.NASL", "SUSE_SU-2018-1009-1.NASL", "SUSE_SU-2018-1010-1.NASL", "SUSE_SU-2018-1011-1.NASL", "SUSE_SU-2018-1012-1.NASL", "SUSE_SU-2018-1014-1.NASL", "SUSE_SU-2018-1015-1.NASL", "SUSE_SU-2018-1016-1.NASL", "SUSE_SU-2018-1018-1.NASL", "SUSE_SU-2018-1019-1.NASL", "SUSE_SU-2018-1021-1.NASL", "SUSE_SU-2018-1023-1.NASL", "SUSE_SU-2018-1025-1.NASL", "SUSE_SU-2018-1026-1.NASL", "SUSE_SU-2018-1029-1.NASL", "SUSE_SU-2018-1030-1.NASL", "SUSE_SU-2018-1031-1.NASL", "SUSE_SU-2018-1032-1.NASL", "SUSE_SU-2018-1033-1.NASL", "SUSE_SU-2018-1034-1.NASL", "SUSE_SU-2018-1048-1.NASL", "SUSE_SU-2018-1171-1.NASL", "SUSE_SU-2018-1172-1.NASL", "SUSE_SU-2018-1173-1.NASL", "SUSE_SU-2018-1173-2.NASL", "SUSE_SU-2018-1177-1.NASL", "SUSE_SU-2018-1181-1.NASL", "SUSE_SU-2018-1184-1.NASL", "SUSE_SU-2018-1202-1.NASL", "SUSE_SU-2018-1203-1.NASL", "SUSE_SU-2018-1216-1.NASL", "SUSE_SU-2018-1220-1.NASL", "SUSE_SU-2018-1221-1.NASL", "SUSE_SU-2018-1222-1.NASL", "SUSE_SU-2018-1223-1.NASL", "SUSE_SU-2018-1224-1.NASL", "SUSE_SU-2018-1226-1.NASL", "SUSE_SU-2018-1227-1.NASL", "SUSE_SU-2018-1229-1.NASL", "SUSE_SU-2018-1230-1.NASL", "SUSE_SU-2018-1231-1.NASL", "SUSE_SU-2018-1232-1.NASL", "SUSE_SU-2018-1233-1.NASL", "SUSE_SU-2018-1234-1.NASL", "SUSE_SU-2018-1235-1.NASL", "SUSE_SU-2018-1236-1.NASL", "SUSE_SU-2018-1237-1.NASL", "SUSE_SU-2018-1239-1.NASL", "SUSE_SU-2018-1241-1.NASL", "SUSE_SU-2018-1242-1.NASL", "SUSE_SU-2018-1243-1.NASL", "SUSE_SU-2018-1244-1.NASL", "SUSE_SU-2018-1245-1.NASL", "SUSE_SU-2018-1247-1.NASL", "SUSE_SU-2018-1250-1.NASL", "SUSE_SU-2018-1251-1.NASL", "SUSE_SU-2018-1253-1.NASL", "SUSE_SU-2018-1254-1.NASL", "SUSE_SU-2018-1255-1.NASL", "SUSE_SU-2018-1256-1.NASL", "SUSE_SU-2018-1257-1.NASL", "SUSE_SU-2018-1258-1.NASL", "SUSE_SU-2018-1259-1.NASL", "SUSE_SU-2018-1261-1.NASL", "SUSE_SU-2018-1262-1.NASL", "SUSE_SU-2018-1264-1.NASL", "SUSE_SU-2018-1266-1.NASL", "SUSE_SU-2018-1267-1.NASL", "SUSE_SU-2018-1268-1.NASL", "SUSE_SU-2018-1269-1.NASL", "SUSE_SU-2018-1272-1.NASL", "SUSE_SU-2018-1273-1.NASL", "SUSE_SU-2018-1362-1.NASL", "SUSE_SU-2018-1362-2.NASL", "SUSE_SU-2018-1363-1.NASL", "SUSE_SU-2018-1366-1.NASL", "SUSE_SU-2018-1367-1.NASL", "SUSE_SU-2018-1368-1.NASL", "SUSE_SU-2018-1373-1.NASL", "SUSE_SU-2018-1374-1.NASL", "SUSE_SU-2018-1375-1.NASL", "SUSE_SU-2018-1376-1.NASL", "SUSE_SU-2018-1377-1.NASL", "SUSE_SU-2018-1377-2.NASL", "SUSE_SU-2018-1378-1.NASL", "SUSE_SU-2018-1386-1.NASL", "SUSE_SU-2018-1389-1.NASL", "SUSE_SU-2018-1425-1.NASL", "SUSE_SU-2018-1447-1.NASL", "SUSE_SU-2018-1452-1.NASL", "SUSE_SU-2018-1456-1.NASL", "SUSE_SU-2018-1458-1.NASL", "SUSE_SU-2018-1475-1.NASL", "SUSE_SU-2018-1479-1.NASL", "SUSE_SU-2018-1505-1.NASL", "SUSE_SU-2018-1506-1.NASL", "SUSE_SU-2018-1508-1.NASL", "SUSE_SU-2018-1509-1.NASL", "SUSE_SU-2018-1510-1.NASL", "SUSE_SU-2018-1511-1.NASL", "SUSE_SU-2018-1512-1.NASL", "SUSE_SU-2018-1513-1.NASL", "SUSE_SU-2018-1514-1.NASL", "SUSE_SU-2018-1516-1.NASL", "SUSE_SU-2018-1517-1.NASL", "SUSE_SU-2018-1518-1.NASL", "SUSE_SU-2018-1519-1.NASL", "SUSE_SU-2018-1520-1.NASL", "SUSE_SU-2018-1521-1.NASL", "SUSE_SU-2018-1522-1.NASL", "SUSE_SU-2018-1523-1.NASL", "SUSE_SU-2018-1524-1.NASL", "SUSE_SU-2018-1525-1.NASL", "SUSE_SU-2018-1526-1.NASL", "SUSE_SU-2018-1528-1.NASL", "SUSE_SU-2018-1529-1.NASL", "SUSE_SU-2018-1530-1.NASL", "SUSE_SU-2018-1531-1.NASL", "SUSE_SU-2018-1532-1.NASL", "SUSE_SU-2018-1533-1.NASL", "SUSE_SU-2018-1534-1.NASL", "SUSE_SU-2018-1535-1.NASL", "SUSE_SU-2018-1536-1.NASL", "SUSE_SU-2018-1537-1.NASL", "SUSE_SU-2018-1538-1.NASL", "SUSE_SU-2018-1539-1.NASL", "SUSE_SU-2018-1540-1.NASL", "SUSE_SU-2018-1541-1.NASL", "SUSE_SU-2018-1543-1.NASL", "SUSE_SU-2018-1545-1.NASL", "SUSE_SU-2018-1546-1.NASL", "SUSE_SU-2018-1548-1.NASL", "SUSE_SU-2018-1549-1.NASL", "SUSE_SU-2018-1550-1.NASL", "SUSE_SU-2018-1551-1.NASL", "SUSE_SU-2018-1582-1.NASL", "SUSE_SU-2018-1603-1.NASL", "SUSE_SU-2018-1614-1.NASL", "SUSE_SU-2018-1614-2.NASL", "SUSE_SU-2018-1658-1.NASL", "SUSE_SU-2018-1699-1.NASL", "SUSE_SU-2018-1699-2.NASL", "SUSE_SU-2018-1738-1.NASL", "SUSE_SU-2018-1738-2.NASL", "SUSE_SU-2018-1764-1.NASL", "SUSE_SU-2018-1764-2.NASL", "SUSE_SU-2018-1855-1.NASL", "SUSE_SU-2018-1855-2.NASL", "SUSE_SU-2018-1926-1.NASL", "SUSE_SU-2018-1935-1.NASL", "SUSE_SU-2018-1935-2.NASL", "SUSE_SU-2018-2068-1.NASL", "SUSE_SU-2018-2076-1.NASL", "SUSE_SU-2018-2082-1.NASL", "SUSE_SU-2018-2083-1.NASL", "SUSE_SU-2018-2092-1.NASL", "SUSE_SU-2018-2141-1.NASL", "SUSE_SU-2018-2185-1.NASL", "SUSE_SU-2018-2187-1.NASL", "SUSE_SU-2018-2304-1.NASL", "SUSE_SU-2018-2331-1.NASL", "SUSE_SU-2018-2331-2.NASL", "SUSE_SU-2018-2332-1.NASL", "SUSE_SU-2018-2335-1.NASL", "SUSE_SU-2018-2338-1.NASL", "SUSE_SU-2018-2340-1.NASL", "SUSE_SU-2018-2344-1.NASL", "SUSE_SU-2018-2344-2.NASL", "SUSE_SU-2018-2366-1.NASL", "SUSE_SU-2018-2374-1.NASL", "SUSE_SU-2018-2380-1.NASL", "SUSE_SU-2018-2408-1.NASL", "SUSE_SU-2018-2528-1.NASL", "SUSE_SU-2018-2556-1.NASL", "SUSE_SU-2018-2565-1.NASL", "SUSE_SU-2018-2574-1.NASL", "SUSE_SU-2018-2583-1.NASL", "SUSE_SU-2018-2615-1.NASL", "SUSE_SU-2018-2649-1.NASL", "SUSE_SU-2018-2649-2.NASL", "SUSE_SU-2018-2650-1.NASL", "SUSE_SU-2018-2696-1.NASL", "SUSE_SU-2018-2825-1.NASL", "SUSE_SU-2018-2825-2.NASL", "SUSE_SU-2018-2839-1.NASL", "SUSE_SU-2018-2839-2.NASL", "SUSE_SU-2018-2842-1.NASL", "SUSE_SU-2018-2883-1.NASL", "SUSE_SU-2018-2930-1.NASL", "SUSE_SU-2018-2973-1.NASL", "SUSE_SU-2018-2973-2.NASL", "SUSE_SU-2018-3045-1.NASL", "SUSE_SU-2018-3064-1.NASL", "SUSE_SU-2018-3064-2.NASL", "SUSE_SU-2018-3082-1.NASL", "SUSE_SU-2018-3230-1.NASL", "SUSE_SU-2018-3554-1.NASL", "SUSE_SU-2018-3554-2.NASL", "SUSE_SU-2018-3555-1.NASL", "SUSE_SU-2018-3644-1.NASL", "SUSE_SU-2018-3746-1.NASL", "SUSE_SU-2018-3767-1.NASL", "SUSE_SU-2018-3767-2.NASL", "SUSE_SU-2018-3787-1.NASL", "SUSE_SU-2018-3792-1.NASL", "SUSE_SU-2018-3868-1.NASL", "SUSE_SU-2018-3920-1.NASL", "SUSE_SU-2018-3921-1.NASL", "SUSE_SU-2018-3933-1.NASL", "SUSE_SU-2018-4064-1.NASL", "SUSE_SU-2019-0049-1.NASL", "SUSE_SU-2019-0057-1.NASL", "SUSE_SU-2019-0058-1.NASL", "SUSE_SU-2019-0148-1.NASL", "SUSE_SU-2019-0175-1.NASL", "SUSE_SU-2019-0541-1.NASL", "SUSE_SU-2019-0645-1.NASL", "SUSE_SU-2019-0672-1.NASL", "SUSE_SU-2019-1018-1.NASL", "SUSE_SU-2019-1211-1.NASL", "SUSE_SU-2019-1211-2.NASL", "SUSE_SU-2019-1219-1.NASL", "SUSE_SU-2019-1287-1.NASL", "SUSE_SU-2019-1289-1.NASL", "SUSE_SU-2019-13937-1.NASL", "SUSE_SU-2019-1398-1.NASL", "SUSE_SU-2019-1398-2.NASL", "SUSE_SU-2019-1716-1.NASL", "SUSE_SU-2019-2028-1.NASL", "SUSE_SU-2019-2513-1.NASL", "SUSE_SU-2020-0114-1.NASL", "SUSE_SU-2020-0234-1.NASL", "SUSE_SU-2020-0302-1.NASL", "SUSE_SU-2020-1587-1.NASL", "SUSE_SU-2020-1599-1.NASL", "SUSE_SU-2020-1602-1.NASL", "SUSE_SU-2020-1603-1.NASL", "SUSE_SU-2020-1605-1.NASL", "SUSE_SU-2020-1663-1.NASL", "SUSE_SU-2020-2487-1.NASL", "SUSE_SU-2020-2540-1.NASL", "SUSE_SU-2021-3007-1.NASL", "SUSE_SU-2021-3969-1.NASL", "SUSE_SU-2022-2886-1.NASL", "TENABLE_OT_SIEMENS_CVE-2018-3639.NASL", "TOMCAT_6_0_44.NASL", "TOMCAT_7_0_59.NASL", "TOMCAT_8_0_17.NASL", "UBUNTU_USN-2654-1.NASL", "UBUNTU_USN-2655-1.NASL", "UBUNTU_USN-2883-1.NASL", "UBUNTU_USN-2914-1.NASL", "UBUNTU_USN-3181-1.NASL", "UBUNTU_USN-3239-1.NASL", "UBUNTU_USN-3239-2.NASL", "UBUNTU_USN-3349-1.NASL", "UBUNTU_USN-3475-1.NASL", "UBUNTU_USN-3507-1.NASL", "UBUNTU_USN-3507-2.NASL", "UBUNTU_USN-3508-1.NASL", "UBUNTU_USN-3508-2.NASL", "UBUNTU_USN-3509-1.NASL", "UBUNTU_USN-3509-2.NASL", "UBUNTU_USN-3509-3.NASL", "UBUNTU_USN-3509-4.NASL", "UBUNTU_USN-3510-1.NASL", "UBUNTU_USN-3511-1.NASL", "UBUNTU_USN-3512-1.NASL", "UBUNTU_USN-3534-1.NASL", "UBUNTU_USN-3558-1.NASL", "UBUNTU_USN-3583-1.NASL", "UBUNTU_USN-3613-1.NASL", "UBUNTU_USN-3614-1.NASL", "UBUNTU_USN-3617-1.NASL", "UBUNTU_USN-3617-2.NASL", "UBUNTU_USN-3619-1.NASL", "UBUNTU_USN-3619-2.NASL", "UBUNTU_USN-3632-1.NASL", "UBUNTU_USN-3641-1.NASL", "UBUNTU_USN-3643-1.NASL", "UBUNTU_USN-3644-1.NASL", "UBUNTU_USN-3652-1.NASL", "UBUNTU_USN-3653-1.NASL", "UBUNTU_USN-3653-2.NASL", "UBUNTU_USN-3654-1.NASL", "UBUNTU_USN-3654-2.NASL", "UBUNTU_USN-3655-1.NASL", "UBUNTU_USN-3656-1.NASL", "UBUNTU_USN-3674-1.NASL", "UBUNTU_USN-3677-1.NASL", "UBUNTU_USN-3677-2.NASL", "UBUNTU_USN-3679-1.NASL", "UBUNTU_USN-3680-1.NASL", "UBUNTU_USN-3693-1.NASL", "UBUNTU_USN-3712-1.NASL", "UBUNTU_USN-3740-1.NASL", "UBUNTU_USN-3740-2.NASL", "UBUNTU_USN-3741-1.NASL", "UBUNTU_USN-3741-2.NASL", "UBUNTU_USN-3741-3.NASL", "UBUNTU_USN-3742-1.NASL", "UBUNTU_USN-3756-1.NASL", "UBUNTU_USN-3777-3.NASL", "UBUNTU_USN-3804-1.NASL", "UBUNTU_USN-3806-1.NASL", "UBUNTU_USN-3807-1.NASL", "UBUNTU_USN-3817-1.NASL", "UBUNTU_USN-3824-1.NASL", "UBUNTU_USN-3999-1.NASL", "UBUNTU_USN-5768-1.NASL", "VIRTUALBOX_5_2_6.NASL", "VIRTUOZZO_VZA-2017-109.NASL", "VIRTUOZZO_VZA-2017-110.NASL", "VIRTUOZZO_VZA-2017-111.NASL", "VIRTUOZZO_VZA-2017-114.NASL", "VIRTUOZZO_VZA-2018-004.NASL", "VIRTUOZZO_VZA-2018-005.NASL", "VIRTUOZZO_VZA-2018-014.NASL", "VIRTUOZZO_VZA-2018-015.NASL", "VIRTUOZZO_VZA-2018-017.NASL", "VIRTUOZZO_VZA-2018-029.NASL", "VIRTUOZZO_VZA-2018-030.NASL", "VIRTUOZZO_VZA-2018-033.NASL", "VIRTUOZZO_VZA-2018-034.NASL", "VIRTUOZZO_VZA-2018-037.NASL", "VIRTUOZZO_VZA-2018-048.NASL", "VIRTUOZZO_VZA-2018-075.NASL", "VIRTUOZZO_VZLSA-2017-3071.NASL", "VIRTUOZZO_VZLSA-2018-2942.NASL", "VIRTUOZZO_VZLSA-2018-2943.NASL", "VIRTUOZZO_VZLSA-2018-3409.NASL", "VMWARE_ESXI_6_0_BUILD_5485776_REMOTE.NASL", "VMWARE_ESXI_VMSA-2018-0012.NASL", "VMWARE_VCENTER_VMSA-2014-0008.NASL", "VMWARE_VMSA-2014-0008.NASL", "VMWARE_VMSA-2018-0012.NASL", "WEBSPHERE_711779.NASL", "WEBSPHERE_711865.NASL", "WEBSPHERE_729547.NASL", "WEBSPHERE_729557.NASL", "WEBSPHERE_7_0_0_33.NASL", "WEBSPHERE_CVE-2018-1567.NASL", "WEBSPHERE_CVE-2018-1719.NASL", "WEBSPHERE_CVE-2018-1794.NASL", "WEBSPHERE_CVE-2018-1901.NASL", "WEBSPHERE_CVE-2018-1904.NASL", "WEBSPHERE_PORTAL_7_0_0_2_CF29.NASL", "WEBSPHERE_PORTAL_8_5_0_0_CF02.NASL", "WEBSPHERE_PORTAL_CVE-2014-0114.NASL", "XEN_SERVER_XSA-260.NASL"]}, {"type": "nodejsblog", "idList": ["NODEJSBLOG:DECEMBER-2017-SECURITY-RELEASES", "NODEJSBLOG:FEBRUARY-2016-SECURITY-RELEASES", "NODEJSBLOG:OPENSSL-JANUARY-2017", "NODEJSBLOG:OPENSSL-NOVEMBER-2017"]}, {"type": "nvidia", "idList": ["NVIDIA:4787"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2016-0701", "OPENSSL:CVE-2016-0705", "OPENSSL:CVE-2017-3732", "OPENSSL:CVE-2017-3736", "OPENSSL:CVE-2017-3737", "OPENSSL:CVE-2017-3738", "OPENSSL:CVE-2021-4160"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105086", "OPENVAS:1361412562310105087", "OPENVAS:1361412562310105088", "OPENVAS:1361412562310106354", "OPENVAS:1361412562310106609", "OPENVAS:1361412562310106949", "OPENVAS:1361412562310107203", "OPENVAS:1361412562310107204", "OPENVAS:1361412562310107260", "OPENVAS:1361412562310107268", "OPENVAS:1361412562310107269", "OPENVAS:1361412562310107270", "OPENVAS:1361412562310107832", "OPENVAS:1361412562310107835", "OPENVAS:1361412562310108370", "OPENVAS:1361412562310108766", "OPENVAS:1361412562310108767", "OPENVAS:1361412562310108793", "OPENVAS:1361412562310120646", "OPENVAS:1361412562310120647", "OPENVAS:1361412562310120648", "OPENVAS:1361412562310120651", "OPENVAS:1361412562310120690", "OPENVAS:1361412562310121439", "OPENVAS:1361412562310121457", "OPENVAS:1361412562310122888", "OPENVAS:1361412562310122890", "OPENVAS:1361412562310122909", "OPENVAS:1361412562310123417", "OPENVAS:1361412562310130036", "OPENVAS:1361412562310131222", "OPENVAS:1361412562310131244", "OPENVAS:1361412562310140168", "OPENVAS:1361412562310143949", "OPENVAS:1361412562310702940", "OPENVAS:1361412562310703428", "OPENVAS:1361412562310703447", "OPENVAS:1361412562310703500", "OPENVAS:1361412562310703530", "OPENVAS:1361412562310703536", "OPENVAS:1361412562310704017", "OPENVAS:1361412562310704018", "OPENVAS:1361412562310704065", "OPENVAS:1361412562310704073", "OPENVAS:1361412562310704082", "OPENVAS:1361412562310704144", "OPENVAS:1361412562310704157", "OPENVAS:1361412562310704166", "OPENVAS:1361412562310704187", "OPENVAS:1361412562310704188", "OPENVAS:1361412562310704195", "OPENVAS:1361412562310704196", "OPENVAS:1361412562310704201", "OPENVAS:1361412562310704210", "OPENVAS:1361412562310704272", "OPENVAS:1361412562310704273", "OPENVAS:1361412562310704306", "OPENVAS:1361412562310704307", "OPENVAS:1361412562310704326", "OPENVAS:1361412562310704469", "OPENVAS:1361412562310805701", "OPENVAS:1361412562310805702", "OPENVAS:1361412562310806673", "OPENVAS:1361412562310806674", "OPENVAS:1361412562310807097", "OPENVAS:1361412562310807098", "OPENVAS:1361412562310807228", "OPENVAS:1361412562310807460", "OPENVAS:1361412562310807598", "OPENVAS:1361412562310807927", "OPENVAS:1361412562310807969", "OPENVAS:1361412562310808302", "OPENVAS:1361412562310808352", "OPENVAS:1361412562310808374", "OPENVAS:1361412562310808407", "OPENVAS:1361412562310808523", "OPENVAS:1361412562310808530", "OPENVAS:1361412562310808538", "OPENVAS:1361412562310809478", "OPENVAS:1361412562310810542", "OPENVAS:1361412562310810678", "OPENVAS:1361412562310810748", "OPENVAS:1361412562310811440", "OPENVAS:1361412562310811441", "OPENVAS:1361412562310811790", "OPENVAS:1361412562310812055", "OPENVAS:1361412562310812639", "OPENVAS:1361412562310812648", "OPENVAS:1361412562310812649", "OPENVAS:1361412562310813098", "OPENVAS:1361412562310813307", "OPENVAS:1361412562310813336", "OPENVAS:1361412562310813338", "OPENVAS:1361412562310813339", "OPENVAS:1361412562310813340", "OPENVAS:1361412562310813341", "OPENVAS:1361412562310813342", "OPENVAS:1361412562310813346", "OPENVAS:1361412562310813512", "OPENVAS:1361412562310813546", "OPENVAS:1361412562310813547", "OPENVAS:1361412562310813652", "OPENVAS:1361412562310813682", "OPENVAS:1361412562310813683", "OPENVAS:1361412562310813686", "OPENVAS:1361412562310813687", "OPENVAS:1361412562310814003", "OPENVAS:1361412562310814011", "OPENVAS:1361412562310814012", "OPENVAS:1361412562310814013", "OPENVAS:1361412562310814014", "OPENVAS:1361412562310814015", "OPENVAS:1361412562310814097", "OPENVAS:1361412562310814099", "OPENVAS:1361412562310814100", "OPENVAS:1361412562310814215", "OPENVAS:1361412562310814340", "OPENVAS:1361412562310814341", "OPENVAS:1361412562310814342", "OPENVAS:1361412562310814344", "OPENVAS:1361412562310814345", "OPENVAS:1361412562310814402", "OPENVAS:1361412562310814403", "OPENVAS:1361412562310814405", "OPENVAS:1361412562310814406", "OPENVAS:1361412562310814408", "OPENVAS:1361412562310814425", "OPENVAS:1361412562310814649", "OPENVAS:1361412562310814650", "OPENVAS:1361412562310842260", "OPENVAS:1361412562310842262", "OPENVAS:1361412562310842620", "OPENVAS:1361412562310842671", "OPENVAS:1361412562310843029", "OPENVAS:1361412562310843099", "OPENVAS:1361412562310843104", "OPENVAS:1361412562310843238", "OPENVAS:1361412562310843360", "OPENVAS:1361412562310843393", "OPENVAS:1361412562310843394", "OPENVAS:1361412562310843395", "OPENVAS:1361412562310843396", "OPENVAS:1361412562310843397", "OPENVAS:1361412562310843398", "OPENVAS:1361412562310843399", "OPENVAS:1361412562310843400", "OPENVAS:1361412562310843401", "OPENVAS:1361412562310843402", "OPENVAS:1361412562310843403", "OPENVAS:1361412562310843422", "OPENVAS:1361412562310843440", "OPENVAS:1361412562310843461", "OPENVAS:1361412562310843490", "OPENVAS:1361412562310843491", "OPENVAS:1361412562310843492", "OPENVAS:1361412562310843493", "OPENVAS:1361412562310843496", "OPENVAS:1361412562310843497", "OPENVAS:1361412562310843509", "OPENVAS:1361412562310843518", "OPENVAS:1361412562310843522", "OPENVAS:1361412562310843528", "OPENVAS:1361412562310843529", "OPENVAS:1361412562310843530", "OPENVAS:1361412562310843531", "OPENVAS:1361412562310843532", "OPENVAS:1361412562310843533", "OPENVAS:1361412562310843535", "OPENVAS:1361412562310843549", "OPENVAS:1361412562310843552", "OPENVAS:1361412562310843554", "OPENVAS:1361412562310843557", "OPENVAS:1361412562310843558", "OPENVAS:1361412562310843570", "OPENVAS:1361412562310843612", "OPENVAS:1361412562310843613", "OPENVAS:1361412562310843614", "OPENVAS:1361412562310843616", "OPENVAS:1361412562310843617", "OPENVAS:1361412562310843620", "OPENVAS:1361412562310843629", "OPENVAS:1361412562310843664", "OPENVAS:1361412562310843753", "OPENVAS:1361412562310843780", "OPENVAS:1361412562310843799", "OPENVAS:1361412562310843803", "OPENVAS:1361412562310843804", "OPENVAS:1361412562310843805", "OPENVAS:1361412562310843817", "OPENVAS:1361412562310843826", "OPENVAS:1361412562310844030", "OPENVAS:1361412562310851219", "OPENVAS:1361412562310851220", "OPENVAS:1361412562310851221", "OPENVAS:1361412562310851222", "OPENVAS:1361412562310851316", "OPENVAS:1361412562310851337", "OPENVAS:1361412562310851665", "OPENVAS:1361412562310851666", "OPENVAS:1361412562310851667", "OPENVAS:1361412562310851683", "OPENVAS:1361412562310851688", "OPENVAS:1361412562310851698", "OPENVAS:1361412562310851703", "OPENVAS:1361412562310851708", "OPENVAS:1361412562310851714", "OPENVAS:1361412562310851717", "OPENVAS:1361412562310851723", "OPENVAS:1361412562310851731", "OPENVAS:1361412562310851734", "OPENVAS:1361412562310851742", "OPENVAS:1361412562310851756", "OPENVAS:1361412562310851759", "OPENVAS:1361412562310851762", "OPENVAS:1361412562310851773", "OPENVAS:1361412562310851795", "OPENVAS:1361412562310851811", "OPENVAS:1361412562310851854", "OPENVAS:1361412562310851858", "OPENVAS:1361412562310851863", "OPENVAS:1361412562310851890", "OPENVAS:1361412562310851913", "OPENVAS:1361412562310851935", "OPENVAS:1361412562310851952", "OPENVAS:1361412562310851963", "OPENVAS:1361412562310851978", "OPENVAS:1361412562310851989", "OPENVAS:1361412562310851996", "OPENVAS:1361412562310851999", "OPENVAS:1361412562310852002", "OPENVAS:1361412562310852014", "OPENVAS:1361412562310852029", "OPENVAS:1361412562310852055", "OPENVAS:1361412562310852087", "OPENVAS:1361412562310852114", "OPENVAS:1361412562310852118", "OPENVAS:1361412562310852121", "OPENVAS:1361412562310852128", "OPENVAS:1361412562310852228", "OPENVAS:1361412562310852231", "OPENVAS:1361412562310852273", "OPENVAS:1361412562310852327", "OPENVAS:1361412562310852467", "OPENVAS:1361412562310852515", "OPENVAS:1361412562310852516", "OPENVAS:1361412562310852547", "OPENVAS:1361412562310853008", "OPENVAS:1361412562310853206", "OPENVAS:1361412562310868112", "OPENVAS:1361412562310869914", "OPENVAS:1361412562310871164", "OPENVAS:1361412562310871564", "OPENVAS:1361412562310871581", "OPENVAS:1361412562310871670", "OPENVAS:1361412562310872342", "OPENVAS:1361412562310872359", "OPENVAS:1361412562310872533", "OPENVAS:1361412562310872584", "OPENVAS:1361412562310872908", "OPENVAS:1361412562310872921", "OPENVAS:1361412562310873117", "OPENVAS:1361412562310873298", "OPENVAS:1361412562310873437", "OPENVAS:1361412562310873530", "OPENVAS:1361412562310873627", "OPENVAS:1361412562310873748", "OPENVAS:1361412562310873785", "OPENVAS:1361412562310873829", "OPENVAS:1361412562310873837", "OPENVAS:1361412562310874049", "OPENVAS:1361412562310874133", "OPENVAS:1361412562310874179", "OPENVAS:1361412562310874254", "OPENVAS:1361412562310874261", "OPENVAS:1361412562310874347", "OPENVAS:1361412562310874351", "OPENVAS:1361412562310874352", "OPENVAS:1361412562310874353", "OPENVAS:1361412562310874354", "OPENVAS:1361412562310874355", "OPENVAS:1361412562310874437", "OPENVAS:1361412562310874438", "OPENVAS:1361412562310874448", "OPENVAS:1361412562310874540", "OPENVAS:1361412562310874580", "OPENVAS:1361412562310874600", "OPENVAS:1361412562310874606", "OPENVAS:1361412562310874611", "OPENVAS:1361412562310874616", "OPENVAS:1361412562310874619", "OPENVAS:1361412562310874620", "OPENVAS:1361412562310874623", "OPENVAS:1361412562310874639", "OPENVAS:1361412562310874642", "OPENVAS:1361412562310874645", "OPENVAS:1361412562310874647", "OPENVAS:1361412562310874659", "OPENVAS:1361412562310874675", "OPENVAS:1361412562310874695", "OPENVAS:1361412562310874710", "OPENVAS:1361412562310874719", "OPENVAS:1361412562310874720", "OPENVAS:1361412562310874721", "OPENVAS:1361412562310874731", "OPENVAS:1361412562310874751", "OPENVAS:1361412562310874755", "OPENVAS:1361412562310874757", "OPENVAS:1361412562310874761", "OPENVAS:1361412562310874763", "OPENVAS:1361412562310874779", "OPENVAS:1361412562310874786", "OPENVAS:1361412562310874801", "OPENVAS:1361412562310874805", "OPENVAS:1361412562310874813", "OPENVAS:1361412562310874860", "OPENVAS:1361412562310874864", "OPENVAS:1361412562310874871", "OPENVAS:1361412562310874886", "OPENVAS:1361412562310874890", "OPENVAS:1361412562310874895", "OPENVAS:1361412562310874908", "OPENVAS:1361412562310874919", "OPENVAS:1361412562310874924", "OPENVAS:1361412562310874954", "OPENVAS:1361412562310874957", "OPENVAS:1361412562310874961", "OPENVAS:1361412562310874964", "OPENVAS:1361412562310874965", "OPENVAS:1361412562310874969", "OPENVAS:1361412562310874988", "OPENVAS:1361412562310874998", "OPENVAS:1361412562310875004", "OPENVAS:1361412562310875005", "OPENVAS:1361412562310875010", "OPENVAS:1361412562310875025", "OPENVAS:1361412562310875066", "OPENVAS:1361412562310875092", "OPENVAS:1361412562310875099", "OPENVAS:1361412562310875128", "OPENVAS:1361412562310875131", "OPENVAS:1361412562310875162", "OPENVAS:1361412562310875170", "OPENVAS:1361412562310875189", "OPENVAS:1361412562310875201", "OPENVAS:1361412562310875239", "OPENVAS:1361412562310875240", "OPENVAS:1361412562310875247", "OPENVAS:1361412562310875255", "OPENVAS:1361412562310875282", "OPENVAS:1361412562310875287", "OPENVAS:1361412562310875303", "OPENVAS:1361412562310875330", "OPENVAS:1361412562310875334", "OPENVAS:1361412562310875349", "OPENVAS:1361412562310875369", "OPENVAS:1361412562310875400", "OPENVAS:1361412562310875407", "OPENVAS:1361412562310875414", "OPENVAS:1361412562310875423", "OPENVAS:1361412562310875438", "OPENVAS:1361412562310875443", "OPENVAS:1361412562310875459", "OPENVAS:1361412562310875464", "OPENVAS:1361412562310875475", "OPENVAS:1361412562310875476", "OPENVAS:1361412562310875502", "OPENVAS:1361412562310875506", "OPENVAS:1361412562310875528", "OPENVAS:1361412562310875537", "OPENVAS:1361412562310875557", "OPENVAS:1361412562310875559", "OPENVAS:1361412562310875566", "OPENVAS:1361412562310875577", "OPENVAS:1361412562310875589", "OPENVAS:1361412562310875645", "OPENVAS:1361412562310875785", "OPENVAS:1361412562310875869", "OPENVAS:1361412562310875894", "OPENVAS:1361412562310876003", "OPENVAS:1361412562310876042", "OPENVAS:1361412562310876143", "OPENVAS:1361412562310876229", "OPENVAS:1361412562310876322", "OPENVAS:1361412562310876377", "OPENVAS:1361412562310876390", "OPENVAS:1361412562310876392", "OPENVAS:1361412562310876661", "OPENVAS:1361412562310876816", "OPENVAS:1361412562310876935", "OPENVAS:1361412562310877798", "OPENVAS:1361412562310877807", "OPENVAS:1361412562310881933", "OPENVAS:1361412562310882404", "OPENVAS:1361412562310882405", "OPENVAS:1361412562310882434", "OPENVAS:1361412562310882575", "OPENVAS:1361412562310882794", "OPENVAS:1361412562310882830", "OPENVAS:1361412562310882831", "OPENVAS:1361412562310882841", "OPENVAS:1361412562310882845", "OPENVAS:1361412562310882846", "OPENVAS:1361412562310882875", "OPENVAS:1361412562310882880", "OPENVAS:1361412562310882881", "OPENVAS:1361412562310882882", "OPENVAS:1361412562310882883", "OPENVAS:1361412562310882884", "OPENVAS:1361412562310882885", "OPENVAS:1361412562310882886", "OPENVAS:1361412562310882887", "OPENVAS:1361412562310882888", "OPENVAS:1361412562310882890", "OPENVAS:1361412562310882900", "OPENVAS:1361412562310882914", "OPENVAS:1361412562310882915", "OPENVAS:1361412562310882917", "OPENVAS:1361412562310882923", "OPENVAS:1361412562310882924", "OPENVAS:1361412562310882957", "OPENVAS:1361412562310882965", "OPENVAS:1361412562310882966", "OPENVAS:1361412562310882972", "OPENVAS:1361412562310882980", "OPENVAS:1361412562310882983", "OPENVAS:1361412562310882984", "OPENVAS:1361412562310882992", "OPENVAS:1361412562310891058", "OPENVAS:1361412562310891339", "OPENVAS:1361412562310891369", "OPENVAS:1361412562310891375", "OPENVAS:1361412562310891383", "OPENVAS:1361412562310891392", "OPENVAS:1361412562310891446", "OPENVAS:1361412562310891466", "OPENVAS:1361412562310891506", "OPENVAS:1361412562310891519", "OPENVAS:1361412562310891520", "OPENVAS:1361412562310891560", "OPENVAS:1361412562310891577", "OPENVAS:1361412562310891580", "OPENVAS:1361412562310891590", "OPENVAS:1361412562310891643", "OPENVAS:1361412562310891715", "OPENVAS:1361412562310891731", "OPENVAS:1361412562310892184", "OPENVAS:1361412562310910002", "OPENVAS:1361412562311220161049", "OPENVAS:1361412562311220171124", "OPENVAS:1361412562311220171125", "OPENVAS:1361412562311220171267", "OPENVAS:1361412562311220171268", "OPENVAS:1361412562311220181026", "OPENVAS:1361412562311220181027", "OPENVAS:1361412562311220181028", "OPENVAS:1361412562311220181031", "OPENVAS:1361412562311220181058", "OPENVAS:1361412562311220181059", "OPENVAS:1361412562311220181115", "OPENVAS:1361412562311220181119", "OPENVAS:1361412562311220181120", "OPENVAS:1361412562311220181121", "OPENVAS:1361412562311220181132", "OPENVAS:1361412562311220181133", "OPENVAS:1361412562311220181153", "OPENVAS:1361412562311220181179", "OPENVAS:1361412562311220181192", "OPENVAS:1361412562311220181193", "OPENVAS:1361412562311220181194", "OPENVAS:1361412562311220181195", "OPENVAS:1361412562311220181196", "OPENVAS:1361412562311220181197", "OPENVAS:1361412562311220181200", "OPENVAS:1361412562311220181201", "OPENVAS:1361412562311220181234", "OPENVAS:1361412562311220181243", "OPENVAS:1361412562311220181256", "OPENVAS:1361412562311220181260", "OPENVAS:1361412562311220181263", "OPENVAS:1361412562311220181264", "OPENVAS:1361412562311220181265", "OPENVAS:1361412562311220181266", "OPENVAS:1361412562311220181267", "OPENVAS:1361412562311220181270", "OPENVAS:1361412562311220181271", "OPENVAS:1361412562311220181278", "OPENVAS:1361412562311220181279", "OPENVAS:1361412562311220181315", "OPENVAS:1361412562311220181316", "OPENVAS:1361412562311220181339", "OPENVAS:1361412562311220181342", "OPENVAS:1361412562311220181348", "OPENVAS:1361412562311220181352", "OPENVAS:1361412562311220181354", "OPENVAS:1361412562311220181361", "OPENVAS:1361412562311220181386", "OPENVAS:1361412562311220181389", "OPENVAS:1361412562311220181394", "OPENVAS:1361412562311220181398", "OPENVAS:1361412562311220181408", "OPENVAS:1361412562311220181416", "OPENVAS:1361412562311220181417", "OPENVAS:1361412562311220181421", "OPENVAS:1361412562311220181425", "OPENVAS:1361412562311220181444", "OPENVAS:1361412562311220191005", "OPENVAS:1361412562311220191026", "OPENVAS:1361412562311220191045", "OPENVAS:1361412562311220191055", "OPENVAS:1361412562311220191060", "OPENVAS:1361412562311220191072", "OPENVAS:1361412562311220191076", "OPENVAS:1361412562311220191085", "OPENVAS:1361412562311220191107", "OPENVAS:1361412562311220191112", "OPENVAS:1361412562311220191119", "OPENVAS:1361412562311220191136", "OPENVAS:1361412562311220191165", "OPENVAS:1361412562311220191167", "OPENVAS:1361412562311220191168", "OPENVAS:1361412562311220191184", "OPENVAS:1361412562311220191203", "OPENVAS:1361412562311220191227", "OPENVAS:1361412562311220191233", "OPENVAS:1361412562311220191246", "OPENVAS:1361412562311220191248", "OPENVAS:1361412562311220191272", "OPENVAS:1361412562311220191292", "OPENVAS:1361412562311220191322", "OPENVAS:1361412562311220191337", "OPENVAS:1361412562311220191383", "OPENVAS:1361412562311220191388", "OPENVAS:1361412562311220191403", "OPENVAS:1361412562311220191409", "OPENVAS:1361412562311220191412", "OPENVAS:1361412562311220191413", "OPENVAS:1361412562311220191416", "OPENVAS:1361412562311220191417", "OPENVAS:1361412562311220191434", "OPENVAS:1361412562311220191450", "OPENVAS:1361412562311220191501", "OPENVAS:1361412562311220191505", "OPENVAS:1361412562311220191512", "OPENVAS:1361412562311220191515", "OPENVAS:1361412562311220191519", "OPENVAS:1361412562311220191537", "OPENVAS:1361412562311220191538", "OPENVAS:1361412562311220191539", "OPENVAS:1361412562311220191546", "OPENVAS:1361412562311220191547", "OPENVAS:1361412562311220191551", "OPENVAS:1361412562311220191552", "OPENVAS:1361412562311220191555", "OPENVAS:1361412562311220191556", "OPENVAS:1361412562311220191584", "OPENVAS:1361412562311220191676", "OPENVAS:1361412562311220191693", "OPENVAS:1361412562311220191743", "OPENVAS:1361412562311220191745", "OPENVAS:1361412562311220191759", "OPENVAS:1361412562311220191777", "OPENVAS:1361412562311220191844", "OPENVAS:1361412562311220191846", "OPENVAS:1361412562311220191903", "OPENVAS:1361412562311220192007", "OPENVAS:1361412562311220192016", "OPENVAS:1361412562311220192030", "OPENVAS:1361412562311220192200", "OPENVAS:1361412562311220192331", "OPENVAS:1361412562311220192332", "OPENVAS:1361412562311220192364", "OPENVAS:1361412562311220192460", "OPENVAS:1361412562311220192468", "OPENVAS:1361412562311220192476", "OPENVAS:1361412562311220201394", "OPENVAS:702940", "OPENVAS:703428", "OPENVAS:703447", "OPENVAS:703500", "OPENVAS:703530", "OPENVAS:703536", "OPENVAS:871164", "OPENVAS:881933"]}, {"type": "openwrt", "idList": ["OPENWRT-SA-000007", "OPENWRT-SA-000008", "OPENWRT-SA-000009"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2016V3", "ORACLE:CPUAPR2017", "ORACLE:CPUAPR2018", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2020", "ORACLE:CPUAPR2021", "ORACLE:CPUJAN2015", "ORACLE:CPUJAN2017", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2019", "ORACLE:CPUJAN2020", "ORACLE:CPUJAN2021", "ORACLE:CPUJUL2014-1972956", "ORACLE:CPUJUL2016", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2020", "ORACLE:CPUOCT2014-1972960", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2017", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2019", "ORACLE:CPUOCT2020"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0474", "ELSA-2016-0301", "ELSA-2016-0492", "ELSA-2016-0996", "ELSA-2016-2046", "ELSA-2016-2599", "ELSA-2016-3523", "ELSA-2016-3556", "ELSA-2016-3621", "ELSA-2017-2247", "ELSA-2017-3071", "ELSA-2018-0095", "ELSA-2018-0260", "ELSA-2018-0349", "ELSA-2018-0666", "ELSA-2018-0805", "ELSA-2018-0855", "ELSA-2018-0998", "ELSA-2018-1062", "ELSA-2018-1318", "ELSA-2018-1319", "ELSA-2018-1629", "ELSA-2018-1632", "ELSA-2018-1633", "ELSA-2018-1647", "ELSA-2018-1648", "ELSA-2018-1649", "ELSA-2018-1650", "ELSA-2018-1651", "ELSA-2018-1660", "ELSA-2018-1669", "ELSA-2018-1854", "ELSA-2018-1879", "ELSA-2018-1929", "ELSA-2018-1965", "ELSA-2018-1997", "ELSA-2018-2001", "ELSA-2018-2162", "ELSA-2018-2164", "ELSA-2018-2283", "ELSA-2018-2286", "ELSA-2018-2846", "ELSA-2018-2942", "ELSA-2018-2943", "ELSA-2018-3041", "ELSA-2018-3050", "ELSA-2018-3052", "ELSA-2018-3071", "ELSA-2018-3083", "ELSA-2018-3249", "ELSA-2018-3253", "ELSA-2018-3350", "ELSA-2018-3409", "ELSA-2018-3521", "ELSA-2018-3665", "ELSA-2018-3854", "ELSA-2018-4017", "ELSA-2018-4021", "ELSA-2018-4071", "ELSA-2018-4077", "ELSA-2018-4078", "ELSA-2018-4096", "ELSA-2018-4097", "ELSA-2018-4098", "ELSA-2018-4108", "ELSA-2018-4109", "ELSA-2018-4110", "ELSA-2018-4114", "ELSA-2018-4126", "ELSA-2018-4131", "ELSA-2018-4134", "ELSA-2018-4145", "ELSA-2018-4155", "ELSA-2018-4161", "ELSA-2018-4164", "ELSA-2018-4195", "ELSA-2018-4196", "ELSA-2018-4198", "ELSA-2018-4219", "ELSA-2018-4235", "ELSA-2018-4268", "ELSA-2018-4285", "ELSA-2018-4289", "ELSA-2019-0049", "ELSA-2019-0416", "ELSA-2019-0435", "ELSA-2019-2091", "ELSA-2019-4316", "ELSA-2019-4531", "ELSA-2019-4581", "ELSA-2019-4585", "ELSA-2019-4630", "ELSA-2019-4702", "ELSA-2019-4732", "ELSA-2019-4747", "ELSA-2020-0157", "ELSA-2020-0194", "ELSA-2020-0196", "ELSA-2020-0202", "ELSA-2020-0279", "ELSA-2021-9034", "ELSA-2021-9150"]}, {"type": "osv", "idList": ["OSV:DLA-1058-1", "OSV:DLA-1200-1", "OSV:DLA-1339-1", "OSV:DLA-1369-1", "OSV:DLA-1375-1", "OSV:DLA-1383-1", "OSV:DLA-1392-1", "OSV:DLA-1423-1", "OSV:DLA-1446-1", "OSV:DLA-1466-1", "OSV:DLA-1519-1", "OSV:DLA-1520-1", "OSV:DLA-1529-1", "OSV:DLA-1560-1", "OSV:DLA-1577-1", "OSV:DLA-1580-1", "OSV:DLA-1590-1", "OSV:DLA-1643-1", "OSV:DLA-1715-1", "OSV:DLA-1731-1", "OSV:DLA-2184-1", "OSV:DLA-232-1", "OSV:DLA-2323-1", "OSV:DLA-2771-1", "OSV:DLA-292-1", "OSV:DLA-57-1", "OSV:DLA-611-1", "OSV:DSA-2940-1", "OSV:DSA-3428-1", "OSV:DSA-3447-1", "OSV:DSA-3500-1", "OSV:DSA-3530-1", "OSV:DSA-3536-1", "OSV:DSA-4017-1", "OSV:DSA-4018-1", "OSV:DSA-4065-1", "OSV:DSA-4073-1", "OSV:DSA-4082-1", "OSV:DSA-4144-1", "OSV:DSA-4157-1", "OSV:DSA-4166-1", "OSV:DSA-4187-1", "OSV:DSA-4188-1", "OSV:DSA-4195-1", "OSV:DSA-4196-1", "OSV:DSA-4201-1", "OSV:DSA-4210-1", "OSV:DSA-4272-1", "OSV:DSA-4273-1", "OSV:DSA-4273-2", "OSV:DSA-4306-1", "OSV:DSA-4307-1", "OSV:DSA-4326-1", "OSV:DSA-4469-1", "OSV:GHSA-4C43-CWVX-9CRH", "OSV:GHSA-5GGR-MPGW-3MGX", "OSV:GHSA-7JW3-5Q4W-89QG", "OSV:GHSA-CVVX-R33M-V7PQ", "OSV:GHSA-P66X-2CV9-QQ3V", "OSV:GHSA-Q446-82VQ-W674"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:143369", "PACKETSTORM:147517", "PACKETSTORM:148549", "PACKETSTORM:149050"]}, {"type": "paloalto", "idList": ["PAN-SA-2018-0012"]}, {"type": "photon", "idList": ["PHSA-2017-0001", "PHSA-2017-0008", "PHSA-2017-0055", "PHSA-2017-0076", "PHSA-2017-0082", "PHSA-2017-0088", "PHSA-2017-0093", "PHSA-2017-0095", "PHSA-2017-1.0-0093", "PHSA-2017-1.0-0095", "PHSA-2018-0010", "PHSA-2018-0010-A", "PHSA-2018-0013", "PHSA-2018-0031", "PHSA-2018-0037", "PHSA-2018-0049", "PHSA-2018-0076", "PHSA-2018-0077", "PHSA-2018-0086", "PHSA-2018-0087", "PHSA-2018-0097", "PHSA-2018-0106", "PHSA-2018-0107", "PHSA-2018-0109", "PHSA-2018-0116", "PHSA-2018-0122", "PHSA-2018-0130", "PHSA-2018-0132", "PHSA-2018-0151", "PHSA-2018-0167", "PHSA-2018-0177", "PHSA-2018-0178", "PHSA-2018-0192", "PHSA-2018-0193", "PHSA-2018-1.0-0097-A", "PHSA-2018-1.0-0101", "PHSA-2018-1.0-0122", "PHSA-2018-1.0-0130", "PHSA-2018-1.0-0132-A", "PHSA-2018-1.0-0151", "PHSA-2018-1.0-0167", "PHSA-2018-1.0-0177", "PHSA-2018-1.0-0178", "PHSA-2018-1.0-0192", "PHSA-2018-1.0-0193", "PHSA-2018-2.0-0013", "PHSA-2018-2.0-0037-A", "PHSA-2018-2.0-0049", "PHSA-2018-2.0-0076", "PHSA-2018-2.0-0077", "PHSA-2018-2.0-0086", "PHSA-2018-2.0-0087", "PHSA-2018-2.0-0106", "PHSA-2018-2.0-0107", "PHSA-2018-2.0-0109", "PHSA-2019-0020", "PHSA-2019-0122", "PHSA-2019-0164", "PHSA-2019-0208", "PHSA-2019-0212", "PHSA-2019-0237", "PHSA-2019-0239", "PHSA-2019-1.0-0212", "PHSA-2019-1.0-0239", "PHSA-2019-2.0-0164", "PHSA-2019-3.0-0020", "PHSA-2020-0084", "PHSA-2020-1.0-0290", "PHSA-2020-3.0-0084"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:12D0AED8A6507BA497CB8CC165A00D0A", "QUALYSBLOG:60F322EED1370D8159A8C18F6128C93D"]}, {"type": "redhat", "idList": ["RHSA-2014:0474", "RHSA-2014:0497", "RHSA-2014:0498", "RHSA-2014:0500", "RHSA-2014:0511", "RHSA-2015:1622", "RHSA-2016:0301", "RHSA-2016:0379", "RHSA-2016:0492", "RHSA-2016:2046", "RHSA-2016:22545", "RHSA-2016:2957", "RHSA-2017:3071", "RHSA-2017:3115", "RHSA-2018:0095", "RHSA-2018:0099", "RHSA-2018:0100", "RHSA-2018:0115", "RHSA-2018:0260", "RHSA-2018:0349", "RHSA-2018:0351", "RHSA-2018:0352", "RHSA-2018:0458", "RHSA-2018:0521", "RHSA-2018:0654", "RHSA-2018:0666", "RHSA-2018:0676", "RHSA-2018:0805", "RHSA-2018:0855", "RHSA-2018:0998", "RHSA-2018:1062", "RHSA-2018:1130", "RHSA-2018:1170", "RHSA-2018:1203", "RHSA-2018:1205", "RHSA-2018:1318", "RHSA-2018:1319", "RHSA-2018:1345", "RHSA-2018:1346", "RHSA-2018:1347", "RHSA-2018:1348", "RHSA-2018:1349", "RHSA-2018:1350", "RHSA-2018:1351", "RHSA-2018:1352", "RHSA-2018:1353", "RHSA-2018:1354", "RHSA-2018:1355", "RHSA-2018:1374", "RHSA-2018:1463", "RHSA-2018:1524", "RHSA-2018:1629", "RHSA-2018:1630", "RHSA-2018:1632", "RHSA-2018:1633", "RHSA-2018:1635", "RHSA-2018:1636", "RHSA-2018:1637", "RHSA-2018:1638", "RHSA-2018:1639", "RHSA-2018:1640", "RHSA-2018:1641", "RHSA-2018:1642", "RHSA-2018:1643", "RHSA-2018:1644", "RHSA-2018:1645", "RHSA-2018:1646", "RHSA-2018:1647", "RHSA-2018:1648", "RHSA-2018:1649", "RHSA-2018:1650", "RHSA-2018:1651", "RHSA-2018:1652", "RHSA-2018:1653", "RHSA-2018:1654", "RHSA-2018:1655", "RHSA-2018:1656", "RHSA-2018:1657", "RHSA-2018:1658", "RHSA-2018:1659", "RHSA-2018:1660", "RHSA-2018:1661", "RHSA-2018:1662", "RHSA-2018:1663", "RHSA-2018:1664", "RHSA-2018:1665", "RHSA-2018:1666", "RHSA-2018:1667", "RHSA-2018:1668", "RHSA-2018:1669", "RHSA-2018:1674", "RHSA-2018:1675", "RHSA-2018:1676", "RHSA-2018:1686", "RHSA-2018:1688", "RHSA-2018:1689", "RHSA-2018:1690", "RHSA-2018:1696", "RHSA-2018:1710", "RHSA-2018:1711", "RHSA-2018:1721", "RHSA-2018:1722", "RHSA-2018:1723", "RHSA-2018:1724", "RHSA-2018:1737", "RHSA-2018:1738", "RHSA-2018:1812", "RHSA-2018:1826", "RHSA-2018:1854", "RHSA-2018:1879", "RHSA-2018:1965", "RHSA-2018:1967", "RHSA-2018:1974", "RHSA-2018:1975", "RHSA-2018:1997", "RHSA-2018:2001", "RHSA-2018:2003", "RHSA-2018:2006", "RHSA-2018:2060", "RHSA-2018:2161", "RHSA-2018:2162", "RHSA-2018:2164", "RHSA-2018:2171", "RHSA-2018:2172", "RHSA-2018:2185", "RHSA-2018:2186", "RHSA-2018:2187", "RHSA-2018:2216", "RHSA-2018:2228", "RHSA-2018:2246", "RHSA-2018:2250", "RHSA-2018:2253", "RHSA-2018:2254", "RHSA-2018:2255", "RHSA-2018:2256", "RHSA-2018:2258", "RHSA-2018:2289", "RHSA-2018:2309", "RHSA-2018:2328", "RHSA-2018:2363", "RHSA-2018:2364", "RHSA-2018:2387", "RHSA-2018:2394", "RHSA-2018:2396", "RHSA-2018:2568", "RHSA-2018:2569", "RHSA-2018:2575", "RHSA-2018:2576", "RHSA-2018:2669", "RHSA-2018:2712", "RHSA-2018:2713", "RHSA-2018:2785", "RHSA-2018:2791", "RHSA-2018:2846", "RHSA-2018:2924", "RHSA-2018:2925", "RHSA-2018:2933", "RHSA-2018:2942", "RHSA-2018:2943", "RHSA-2018:2948", "RHSA-2018:3001", "RHSA-2018:3002", "RHSA-2018:3003", "RHSA-2018:3007", "RHSA-2018:3008", "RHSA-2018:3041", "RHSA-2018:3050", "RHSA-2018:3052", "RHSA-2018:3071", "RHSA-2018:3083", "RHSA-2018:3096", "RHSA-2018:3249", "RHSA-2018:3253", "RHSA-2018:3350", "RHSA-2018:3396", "RHSA-2018:3397", "RHSA-2018:3398", "RHSA-2018:3399", "RHSA-2018:3400", "RHSA-2018:3401", "RHSA-2018:3402", "RHSA-2018:3407", "RHSA-2018:3409", "RHSA-2018:3423", "RHSA-2018:3424", "RHSA-2018:3425", "RHSA-2018:3459", "RHSA-2018:3505", "RHSA-2018:3521", "RHSA-2018:3533", "RHSA-2018:3534", "RHSA-2018:3540", "RHSA-2018:3586", "RHSA-2018:3590", "RHSA-2018:3665", "RHSA-2018:3671", "RHSA-2018:3672", "RHSA-2018:3779", "RHSA-2018:3852", "RHSA-2019:0049", "RHSA-2019:1046", "RHSA-2019:1170", "RHSA-2019:1190", "RHSA-2019:1260", "RHSA-2019:2995", "RHSA-2019:3725", "RHSA-2019:4159", "RHSA-2020:1268", "RHSA-2020:1346"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-1181", "RH:CVE-2016-1182", "RH:CVE-2016-9396", "RH:CVE-2017-1000050", "RH:CVE-2017-1000407", "RH:CVE-2017-11368", "RH:CVE-2017-12132", "RH:CVE-2017-15116", "RH:CVE-2017-15670", "RH:CVE-2017-15896", "RH:CVE-2017-16939", "RH:CVE-2017-18017", "RH:CVE-2017-3736", "RH:CVE-2017-3737", "RH:CVE-2017-3738", "RH:CVE-2017-6462", "RH:CVE-2017-6463", "RH:CVE-2017-6464", "RH:CVE-2017-7562", "RH:CVE-2018-0494", "RH:CVE-2018-1000199", "RH:CVE-2018-1049", "RH:CVE-2018-1060", "RH:CVE-2018-1061", "RH:CVE-2018-1068", "RH:CVE-2018-10844", "RH:CVE-2018-10845", "RH:CVE-2018-10846", "RH:CVE-2018-1087", "RH:CVE-2018-10872", "RH:CVE-2018-1091", "RH:CVE-2018-1113", "RH:CVE-2018-12539", "RH:CVE-2018-13785", "RH:CVE-2018-1517", "RH:CVE-2018-15688", "RH:CVE-2018-1656", "RH:CVE-2018-2641", "RH:CVE-2018-2677", "RH:CVE-2018-2783", "RH:CVE-2018-2964", "RH:CVE-2018-2973", "RH:CVE-2018-3136", "RH:CVE-2018-3139", "RH:CVE-2018-3149", "RH:CVE-2018-3169", "RH:CVE-2018-3180", "RH:CVE-2018-3183", "RH:CVE-2018-3214", "RH:CVE-2018-3620", "RH:CVE-2018-3639", "RH:CVE-2018-5391", "RH:CVE-2018-5710", "RH:CVE-2018-5729", "RH:CVE-2018-5730", "RH:CVE-2018-8897", "RH:CVE-2019-3834", "RH:CVE-2021-4160"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30528", "SECURITYVULNS:DOC:30529", "SECURITYVULNS:DOC:30881", "SECURITYVULNS:DOC:32123", "SECURITYVULNS:VULN:13701", "SECURITYVULNS:VULN:13845", "SECURITYVULNS:VULN:13868", "SECURITYVULNS:VULN:14031", "SECURITYVULNS:VULN:14233", "SECURITYVULNS:VULN:14462"]}, {"type": "seebug", "idList": ["SSV:97082"]}, {"type": "slackware", "idList": ["SSA-2016-062-02", "SSA-2017-041-02", "SSA-2017-112-02", "SSA-2017-306-02", "SSA-2017-342-01", "SSA-2018-124-01", "SSA-2018-129-02", "SSA-2018-208-01", "SSA-2019-169-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:0627-1", "OPENSUSE-SU-2016:0628-1", "OPENSUSE-SU-2016:0637-1", "OPENSUSE-SU-2016:0638-1", "OPENSUSE-SU-2016:1332-1", "OPENSUSE-SU-2016:1566-1", "OPENSUSE-SU-2017:3345-1", "OPENSUSE-SU-2017:3358-1", "OPENSUSE-SU-2017:3359-1", "OPENSUSE-SU-2018:0089-1", "OPENSUSE-SU-2018:0223-1", "OPENSUSE-SU-2018:0408-1", "OPENSUSE-SU-2018:0458-1", "OPENSUSE-SU-2018:0494-1", "OPENSUSE-SU-2018:0679-1", "OPENSUSE-SU-2018:0684-1", "OPENSUSE-SU-2018:0781-1", "OPENSUSE-SU-2018:0972-1", "OPENSUSE-SU-2018:1057-1", "OPENSUSE-SU-2018:1274-1", "OPENSUSE-SU-2018:1380-1", "OPENSUSE-SU-2018:1383-1", "OPENSUSE-SU-2018:1418-1", "OPENSUSE-SU-2018:1420-1", "OPENSUSE-SU-2018:1487-1", "OPENSUSE-SU-2018:1621-1", "OPENSUSE-SU-2018:1623-1", "OPENSUSE-SU-2018:1628-1", "OPENSUSE-SU-2018:1773-1", "OPENSUSE-SU-2018:1904-1", "OPENSUSE-SU-2018:2206-1", "OPENSUSE-SU-2018:2247-1", "OPENSUSE-SU-2018:2306-1", "OPENSUSE-SU-2018:2399-1", "OPENSUSE-SU-2018:2402-1", "OPENSUSE-SU-2018:2404-1", "OPENSUSE-SU-2018:2407-1", "OPENSUSE-SU-2018:2712-1", "OPENSUSE-SU-2018:2854-1", "OPENSUSE-SU-2018:2958-1", "OPENSUSE-SU-2018:3057-1", "OPENSUSE-SU-2018:3103-1", "OPENSUSE-SU-2018:3235-1", "OPENSUSE-SU-2018:3695-1", "OPENSUSE-SU-2018:3703-1", "OPENSUSE-SU-2018:3709-1", "OPENSUSE-SU-2018:3803-1", "OPENSUSE-SU-2019:0042-1", "OPENSUSE-SU-2019:0043-1", "OPENSUSE-SU-2019:0139-1", "OPENSUSE-SU-2019:0274-1", "OPENSUSE-SU-2019:1315-1", "OPENSUSE-SU-2019:1438-1", "OPENSUSE-SU-2019:1439-1", "OPENSUSE-SU-2019:1530-1", "OPENSUSE-SU-2020:0086-1", "OPENSUSE-SU-2020:0801-1", "OPENSUSE-SU-2020:1325-1", "SUSE-SU-2014:0902-1", "SUSE-SU-2016:0617-1", "SUSE-SU-2016:0620-1", "SUSE-SU-2016:0621-1", "SUSE-SU-2016:0624-1", "SUSE-SU-2016:0631-1", "SUSE-SU-2016:0748-1", "SUSE-SU-2016:0778-1", "SUSE-SU-2016:0786-1", "SUSE-SU-2016:1057-1", "SUSE-SU-2017:2701-1", "SUSE-SU-2017:3210-1", "SUSE-SU-2017:3225-1", "SUSE-SU-2017:3226-1", "SUSE-SU-2017:3249-1", "SUSE-SU-2017:3284-1", "SUSE-SU-2017:3285-1", "SUSE-SU-2017:3286-1", "SUSE-SU-2017:3287-1", "SUSE-SU-2017:3288-1", "SUSE-SU-2017:3289-1", "SUSE-SU-2017:3290-1", "SUSE-SU-2017:3291-1", "SUSE-SU-2017:3292-1", "SUSE-SU-2017:3293-1", "SUSE-SU-2017:3295-1", "SUSE-SU-2017:3296-1", "SUSE-SU-2017:3297-1", "SUSE-SU-2017:3299-1", "SUSE-SU-2017:3300-1", "SUSE-SU-2017:3301-1", "SUSE-SU-2017:3302-1", "SUSE-SU-2017:3303-1", "SUSE-SU-2017:3304-1", "SUSE-SU-2017:3305-1", "SUSE-SU-2017:3306-1", "SUSE-SU-2017:3307-1", "SUSE-SU-2017:3308-1", "SUSE-SU-2017:3309-1", "SUSE-SU-2017:3310-1", "SUSE-SU-2017:3312-1", "SUSE-SU-2017:3313-1", "SUSE-SU-2017:3314-1", "SUSE-SU-2017:3316-1", "SUSE-SU-2017:3317-1", "SUSE-SU-2017:3318-1", "SUSE-SU-2017:3319-1", "SUSE-SU-2017:3320-1", "SUSE-SU-2017:3321-1", "SUSE-SU-2017:3322-1", "SUSE-SU-2017:3323-1", "SUSE-SU-2017:3324-1", "SUSE-SU-2017:3332-1", "SUSE-SU-2017:3336-1", "SUSE-SU-2017:3337-1", "SUSE-SU-2017:3338-1", "SUSE-SU-2017:3340-1", "SUSE-SU-2017:3343-1", "SUSE-SU-2018:0011-1", "SUSE-SU-2018:0040-1", "SUSE-SU-2018:0074-1", "SUSE-SU-2018:0180-1", "SUSE-SU-2018:0213-1", "SUSE-SU-2018:0237-1", "SUSE-SU-2018:0238-1", "SUSE-SU-2018:0239-1", "SUSE-SU-2018:0240-1", "SUSE-SU-2018:0241-1", "SUSE-SU-2018:0242-1", "SUSE-SU-2018:0244-1", "SUSE-SU-2018:0245-1", "SUSE-SU-2018:0249-1", "SUSE-SU-2018:0250-1", "SUSE-SU-2018:0251-1", "SUSE-SU-2018:0252-1", "SUSE-SU-2018:0253-1", "SUSE-SU-2018:0265-1", "SUSE-SU-2018:0266-1", "SUSE-SU-2018:0268-1", "SUSE-SU-2018:0269-1", "SUSE-SU-2018:0270-1", "SUSE-SU-2018:0271-1", "SUSE-SU-2018:0272-1", "SUSE-SU-2018:0273-1", "SUSE-SU-2018:0274-1", "SUSE-SU-2018:0275-1", "SUSE-SU-2018:0276-1", "SUSE-SU-2018:0277-1", "SUSE-SU-2018:0278-1", "SUSE-SU-2018:0280-1", "SUSE-SU-2018:0281-1", "SUSE-SU-2018:0282-1", "SUSE-SU-2018:0296-1", "SUSE-SU-2018:0297-1", "SUSE-SU-2018:0340-1", "SUSE-SU-2018:0345-1", "SUSE-SU-2018:0346-1", "SUSE-SU-2018:0347-1", "SUSE-SU-2018:0383-1", "SUSE-SU-2018:0416-1", "SUSE-SU-2018:0451-1", "SUSE-SU-2018:0482-1", "SUSE-SU-2018:0555-1", "SUSE-SU-2018:0565-1", "SUSE-SU-2018:0630-1", "SUSE-SU-2018:0645-1", "SUSE-SU-2018:0660-1", "SUSE-SU-2018:0661-1", "SUSE-SU-2018:0663-1", "SUSE-SU-2018:0665-1", "SUSE-SU-2018:0694-1", "SUSE-SU-2018:0743-1", "SUSE-SU-2018:0785-1", "SUSE-SU-2018:0786-1", "SUSE-SU-2018:0834-1", "SUSE-SU-2018:0841-1", "SUSE-SU-2018:0848-1", "SUSE-SU-2018:0986-1", "SUSE-SU-2018:0988-1", "SUSE-SU-2018:0989-1", "SUSE-SU-2018:0990-1", "SUSE-SU-2018:0992-1", "SUSE-SU-2018:0993-1", "SUSE-SU-2018:0994-1", "SUSE-SU-2018:0995-1", "SUSE-SU-2018:0996-1", "SUSE-SU-2018:0997-1", "SUSE-SU-2018:0998-1", "SUSE-SU-2018:0999-1", "SUSE-SU-2018:1000-1", "SUSE-SU-2018:1001-1", "SUSE-SU-2018:1002-1", "SUSE-SU-2018:1003-1", "SUSE-SU-2018:1004-1", "SUSE-SU-2018:1005-1", "SUSE-SU-2018:1006-1", "SUSE-SU-2018:1007-1", "SUSE-SU-2018:1008-1", "SUSE-SU-2018:1009-1", "SUSE-SU-2018:1010-1", "SUSE-SU-2018:1011-1", "SUSE-SU-2018:1012-1", "SUSE-SU-2018:1013-1", "SUSE-SU-2018:1014-1", "SUSE-SU-2018:1015-1", "SUSE-SU-2018:1016-1", "SUSE-SU-2018:1018-1", "SUSE-SU-2018:1019-1", "SUSE-SU-2018:1020-1", "SUSE-SU-2018:1021-1", "SUSE-SU-2018:1022-1", "SUSE-SU-2018:1023-1", "SUSE-SU-2018:1024-1", "SUSE-SU-2018:1025-1", "SUSE-SU-2018:1026-1", "SUSE-SU-2018:1027-1", "SUSE-SU-2018:1028-1", "SUSE-SU-2018:1029-1", "SUSE-SU-2018:1030-1", "SUSE-SU-2018:1031-1", "SUSE-SU-2018:1032-1", "SUSE-SU-2018:1033-1", "SUSE-SU-2018:1034-1", "SUSE-SU-2018:1048-1", "SUSE-SU-2018:1171-1", "SUSE-SU-2018:1172-1", "SUSE-SU-2018:1173-1", "SUSE-SU-2018:1177-1", "SUSE-SU-2018:1181-1", "SUSE-SU-2018:1184-1", "SUSE-SU-2018:1202-1", "SUSE-SU-2018:1203-1", "SUSE-SU-2018:1216-1", "SUSE-SU-2018:1217-1", "SUSE-SU-2018:1220-1", "SUSE-SU-2018:1221-1", "SUSE-SU-2018:1222-1", "SUSE-SU-2018:1223-1", "SUSE-SU-2018:1224-1", "SUSE-SU-2018:1225-1", "SUSE-SU-2018:1226-1", "SUSE-SU-2018:1227-1", "SUSE-SU-2018:1228-1", "SUSE-SU-2018:1229-1", "SUSE-SU-2018:1230-1", "SUSE-SU-2018:1231-1", "SUSE-SU-2018:1232-1", "SUSE-SU-2018:1233-1", "SUSE-SU-2018:1234-1", "SUSE-SU-2018:1235-1", "SUSE-SU-2018:1236-1", "SUSE-SU-2018:1237-1", "SUSE-SU-2018:1238-1", "SUSE-SU-2018:1239-1", "SUSE-SU-2018:1240-1", "SUSE-SU-2018:1241-1", "SUSE-SU-2018:1242-1", "SUSE-SU-2018:1243-1", "SUSE-SU-2018:1244-1", "SUSE-SU-2018:1245-1", "SUSE-SU-2018:1246-1", "SUSE-SU-2018:1247-1", "SUSE-SU-2018:1248-1", "SUSE-SU-2018:1249-1", "SUSE-SU-2018:1250-1", "SUSE-SU-2018:1251-1", "SUSE-SU-2018:1252-1", "SUSE-SU-2018:1253-1", "SUSE-SU-2018:1254-1", "SUSE-SU-2018:1255-1", "SUSE-SU-2018:1256-1", "SUSE-SU-2018:1257-1", "SUSE-SU-2018:1258-1", "SUSE-SU-2018:1259-1", "SUSE-SU-2018:1260-1", "SUSE-SU-2018:1261-1", "SUSE-SU-2018:1262-1", "SUSE-SU-2018:1263-1", "SUSE-SU-2018:1264-1", "SUSE-SU-2018:1266-1", "SUSE-SU-2018:1267-1", "SUSE-SU-2018:1268-1", "SUSE-SU-2018:1269-1", "SUSE-SU-2018:1270-1", "SUSE-SU-2018:1272-1", "SUSE-SU-2018:1273-1"]}, {"type": "symantec", "idList": ["SMNTC-104071", "SMNTC-104232", "SMNTC-105108", "SMNTC-1329", "SMNTC-1347", "SMNTC-1351", "SMNTC-1395", "SMNTC-1403", "SMNTC-1423", "SMNTC-1428", "SMNTC-1467", "SMNTC-91068", "SMNTC-99324"]}, {"type": "talosblog", "idList": ["TALOSBLOG:C19AB95C902B2507E8156BE7B09BE73B"]}, {"type": "tenable", "idList": ["TENABLE:50BE3CD37FC3509DDA43C11702778C75", "TENABLE:FF52F52E6157E81F57A22D9356B954AC"]}, {"type": "thn", "idList": ["THN:B18DB0BB2ACAF13D6FBF3445755365E3", "THN:C4C9BC61AD42FB9F46B30ECA56F71393"]}, {"type": "threatpost", "idList": ["THREATPOST:1C410BC5122B196A58BBDDCDA7A79983", "THREATPOST:8F3BA63C697CD0B0AD4CDF30B9CF0987", "THREATPOST:E454192F36C2E44BAE14AB9B62BE28DB", "THREATPOST:F646E92307240E4B7D00CC0FC73BCE0D"]}, {"type": "tomcat", "idList": ["TOMCAT:A0ABC9DEF20FFFC75FE2C962D481E813", "TOMCAT:A98AD8015F0769C8A7E26579E64B5C0C", "TOMCAT:B34608AC39E41A48C158DAC3326F86C0"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:0CB92F2EE8EC7EB60BEEAFE3A0B1926F"]}, {"type": "ubuntu", "idList": ["USN-2654-1", "USN-2655-1", "USN-2883-1", "USN-2914-1", "USN-3181-1", "USN-3239-1", "USN-3239-2", "USN-3349-1", "USN-3475-1", "USN-3507-1", "USN-3507-2", "USN-3508-1", "USN-3508-2", "USN-3509-1", "USN-3509-2", "USN-3509-3", "USN-3509-4", "USN-3510-1", "USN-3510-2", "USN-3511-1", "USN-3512-1", "USN-3534-1", "USN-3558-1", "USN-3583-1", "USN-3583-2", "USN-3613-1", "USN-3614-1", "USN-3617-1", "USN-3617-2", "USN-3619-1", "USN-3619-2", "USN-3632-1", "USN-3641-1", "USN-3641-2", "USN-3643-1", "USN-3643-2", "USN-3644-1", "USN-3651-1", "USN-3652-1", "USN-3653-1", "USN-3653-2", "USN-3654-1", "USN-3654-2", "USN-3655-1", "USN-3655-2", "USN-3656-1", "USN-3674-1", "USN-3674-2", "USN-3677-1", "USN-3677-2", "USN-3679-1", "USN-3680-1", "USN-3693-1", "USN-3707-2", "USN-3712-1", "USN-3740-1", "USN-3740-2", "USN-3741-1", "USN-3741-2", "USN-3741-3", "USN-3742-1", "USN-3742-2", "USN-3742-3", "USN-3756-1", "USN-3777-1", "USN-3777-2", "USN-3777-3", "USN-3804-1", "USN-3806-1", "USN-3807-1", "USN-3817-1", "USN-3817-2", "USN-3824-1", "USN-3999-1", "USN-4766-1", "USN-5768-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-0114", "UB:CVE-2014-7810", "UB:CVE-2015-0899", "UB:CVE-2015-5180", "UB:CVE-2016-0701", "UB:CVE-2016-0705", "UB:CVE-2016-1181", "UB:CVE-2016-1182", "UB:CVE-2016-5725", "UB:CVE-2016-9396", "UB:CVE-2017-1000050", "UB:CVE-2017-1000407", "UB:CVE-2017-11368", "UB:CVE-2017-12132", "UB:CVE-2017-15116", "UB:CVE-2017-15670", "UB:CVE-2017-15896", "UB:CVE-2017-16939", "UB:CVE-2017-18017", "UB:CVE-2017-3732", "UB:CVE-2017-3736", "UB:CVE-2017-3737", "UB:CVE-2017-3738", "UB:CVE-2017-6462", "UB:CVE-2017-6463", "UB:CVE-2017-6464", "UB:CVE-2017-7562", "UB:CVE-2018-0494", "UB:CVE-2018-1000199", "UB:CVE-2018-1049", "UB:CVE-2018-1060", "UB:CVE-2018-1061", "UB:CVE-2018-1068", "UB:CVE-2018-10844", "UB:CVE-2018-10845", "UB:CVE-2018-10846", "UB:CVE-2018-1087", "UB:CVE-2018-10872", "UB:CVE-2018-1091", "UB:CVE-2018-13785", "UB:CVE-2018-14641", "UB:CVE-2018-1517", "UB:CVE-2018-15688", "UB:CVE-2018-1656", "UB:CVE-2018-2641", "UB:CVE-2018-2677", "UB:CVE-2018-2783", "UB:CVE-2018-2964", "UB:CVE-2018-2973", "UB:CVE-2018-3136", "UB:CVE-2018-3139", "UB:CVE-2018-3149", "UB:CVE-2018-3169", "UB:CVE-2018-3180", "UB:CVE-2018-3183", "UB:CVE-2018-3214", "UB:CVE-2018-3639", "UB:CVE-2018-5391", "UB:CVE-2018-5710", "UB:CVE-2018-5729", "UB:CVE-2018-5730", "UB:CVE-2018-8897", "UB:CVE-2021-4160"]}, {"type": "virtuozzo", "idList": ["VZA-2017-109", "VZA-2017-110", "VZA-2017-111", "VZA-2017-113", "VZA-2017-114", "VZA-2018-004", "VZA-2018-005", "VZA-2018-014", "VZA-2018-015", "VZA-2018-016", "VZA-2018-017", "VZA-2018-028", "VZA-2018-029", "VZA-2018-030", "VZA-2018-032", "VZA-2018-033", "VZA-2018-034", "VZA-2018-037", "VZA-2018-047", "VZA-2018-048", "VZA-2018-074", "VZA-2018-075"]}, {"type": "vmware", "idList": ["VMSA-2014-0008", "VMSA-2014-0008.2", "VMSA-2018-0012", "VMSA-2018-0012.1"]}, {"type": "xen", "idList": ["XSA-260", "XSA-263"]}, {"type": "zdt", "idList": ["1337DAY-ID-24818", "1337DAY-ID-27400", "1337DAY-ID-30427", "1337DAY-ID-30428", "1337DAY-ID-30720"]}]}, "score": {"value": 1.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["JAVA_APR2018_ADVISORY.ASC", "JAVA_JAN2018_ADVISORY.ASC", "JAVA_JULY2018_ADVISORY.ASC", "NTP_ADVISORY9.ASC", "OPENSSL_ADVISORY18.ASC", "OPENSSL_ADVISORY25.ASC", "SPECTRE_MELTDOWN_ADVISORY.ASC", "VARIANT4_ADVISORY.ASC"]}, {"type": "akamaiblog", "idList": ["AKAMAIBLOG:CA172BF5AAF741436B9DD55773785FB3"]}, {"type": "almalinux", "idList": ["ALBA-2021:0206"]}, {"type": "amazon", "idList": ["ALAS-2016-701", "ALAS-2017-816", "ALAS-2018-1003", "ALAS-2018-1010", "ALAS-2018-1023", "ALAS-2018-1034", "ALAS-2018-1037", "ALAS-2018-1038", "ALAS-2018-1039", "ALAS-2018-1040", "ALAS-2018-1058", "ALAS-2018-949", "ALAS-2018-971", "ALAS-2018-974", "ALAS2-2018-1010", "ALAS2-2018-1023", "ALAS2-2018-1033", "ALAS2-2018-1034", "ALAS2-2018-1037", "ALAS2-2018-1038", "ALAS2-2018-1039", "ALAS2-2018-1048", "ALAS2-2018-1049", "ALAS2-2018-1058", "ALAS2-2018-1097", "ALAS2-2018-1111", "ALAS2-2018-1120", "ALAS2-2018-1121", "ALAS2-2018-1129", "ALAS2-2018-949", "ALAS2-2018-961", "ALAS2-2018-971", "ALAS2-2018-994", "ALAS2-2019-1144", "ALAS2-2019-1150", "ALAS2-2019-1158", "ALAS2-2019-1160", "ALAS2-2019-1230"]}, {"type": "apple", "idList": ["APPLE:395E729CF93F555C415D358DB1C43E9A", "APPLE:53EFEBE3691961E0982391E9A9F17692", "APPLE:B6838750CA6086B150DDD58EB8FAE22A", "APPLE:CBA8BD9BD1E4F4D2B32B5AB72B152FD0", "APPLE:HT208742", "APPLE:HT208849", "APPLE:HT209193"]}, {"type": "archlinux", "idList": ["ASA-201603-2", "ASA-201603-3"]}, {"type": "centos", "idList": ["CESA-2017:3071", "CESA-2018:0095", "CESA-2018:0260", "CESA-2018:0349", "CESA-2018:1319", "CESA-2018:1629", "CESA-2018:1632", "CESA-2018:1633", "CESA-2018:1647", "CESA-2018:1648", "CESA-2018:1649", "CESA-2018:1650", "CESA-2018:1651", "CESA-2018:1660", "CESA-2018:1669", "CESA-2018:1879", "CESA-2018:2162", "CESA-2018:2164", "CESA-2018:2846"]}, {"type": "cert", "idList": ["VU:180049", "VU:631579"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-1535", "CPAI-2018-0011"]}, {"type": "checkpoint_security", "idList": ["CPS:SK134054", "CPS:SK134253"]}, {"type": "cisa", "idList": ["CISA:C1D0E305B2191ADE13845CF38D356802"]}, {"type": "cisco", "idList": ["CISCO-SA-20170130-OPENSSL", "CISCO-SA-20180521-CPUSIDECHANNEL"]}, {"type": "citrix", "idList": ["CTX234679", "CTX235225"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:0BD4290D520A235B05B93F0ACF4B7C2B", "CFOUNDRY:23B1515F8D5457421D7BC84DE82AEE7A", "CFOUNDRY:9243E8457D02CBA7A3505CB1E0E03739", "CFOUNDRY:B6F9117DDC7188793F0CD8F25AB1B9C7", "CFOUNDRY:E36E8558D6E84664F9D34B4A9E5179AC"]}, {"type": "cve", "idList": ["CVE-2014-0114", "CVE-2016-0705", "CVE-2016-9396", "CVE-2017-1000050", "CVE-2017-1000407", "CVE-2017-15116", "CVE-2017-15670", "CVE-2017-16939", "CVE-2017-3737", "CVE-2018-0494", "CVE-2018-1000199", "CVE-2018-1049", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-10844", "CVE-2018-10845", "CVE-2018-10846", "CVE-2018-1087", "CVE-2018-1091", "CVE-2018-1517", "CVE-2018-1656", "CVE-2018-1719", "CVE-2018-1794", "CVE-2018-2641", "CVE-2018-2677", "CVE-2018-2783", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214", "CVE-2018-3639", "CVE-2018-8897"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1058-1:90E67", "DEBIAN:DLA-1200-1:A0B61", "DEBIAN:DLA-1339-1:B1DCE", "DEBIAN:DLA-1369-1:33F82", "DEBIAN:DLA-1375-1:AA95E", "DEBIAN:DLA-1383-1:AD0A7", "DEBIAN:DLA-1392-1:883BE", "DEBIAN:DLA-1423-1:B239D", "DEBIAN:DLA-1446-1:83DE2", "DEBIAN:DLA-1466-1:48FF6", "DEBIAN:DLA-1506-1:B3A8C", "DEBIAN:DLA-1519-1:1A158", "DEBIAN:DLA-1520-1:70B85", "DEBIAN:DSA-4017-1:88D36", "DEBIAN:DSA-4018-1:01441", "DEBIAN:DSA-4065-1:A75E5", "DEBIAN:DSA-4073-1:79398", "DEBIAN:DSA-4082-1:57979", "DEBIAN:DSA-4144-1:54880", "DEBIAN:DSA-4157-1:5A16B", "DEBIAN:DSA-4166-1:929BB", "DEBIAN:DSA-4187-1:481CA", "DEBIAN:DSA-4188-1:E4177", "DEBIAN:DSA-4195-1:B342C", "DEBIAN:DSA-4196-1:6FB62", "DEBIAN:DSA-4201-1:7E613", "DEBIAN:DSA-4210-1:DBC01", "DEBIAN:DSA-4272-1:8EBA1", "DEBIAN:DSA-4273-1:BEC28", "DEBIAN:DSA-4273-2:DE475", "DEBIAN:DSA-4306-1:95510", "DEBIAN:DSA-4307-1:C7B50"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-5180", "DEBIANCVE:CVE-2017-11368", "DEBIANCVE:CVE-2017-12132", "DEBIANCVE:CVE-2017-15670", "DEBIANCVE:CVE-2017-7562", "DEBIANCVE:CVE-2018-10844", "DEBIANCVE:CVE-2018-10845", "DEBIANCVE:CVE-2018-10846", "DEBIANCVE:CVE-2018-13785", "DEBIANCVE:CVE-2018-3639", "DEBIANCVE:CVE-2018-5729", "DEBIANCVE:CVE-2018-5730"]}, {"type": "exploitdb", "idList": ["EDB-ID:44049", "EDB-ID:44601", "EDB-ID:44697", "EDB-ID:45024"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:F867C230BBE8FA4BCFE72E04CBAC881F"]}, {"type": "f5", "idList": ["F5:K07082049", "F5:K14363514", "F5:K17403481", "F5:K18352029", "F5:K18364001", "F5:K35129173", "F5:K43452233", "F5:K44923228", "F5:K58304450", "F5:K64009378", "F5:K74374841", "F5:K81158013", "F5:K87355575", "F5:K96670746", "SOL15282", "SOL16444", "SOL64009378"]}, {"type": "fedora", "idList": ["FEDORA:00B1F604E1F2", "FEDORA:017D56156B44", "FEDORA:028E16051CDC", "FEDORA:046E16076016", "FEDORA:0544D60491AB", "FEDORA:089B7605072B", "FEDORA:08D3760E6566", "FEDORA:0FD96602C182", "FEDORA:10F7D6255145", "FEDORA:122AE604D3F9", "FEDORA:125F360603E5", "FEDORA:1324F60D30E4", "FEDORA:132956044E67", "FEDORA:1625662B796D", "FEDORA:1916D6091F30", "FEDORA:1C6F16348980", "FEDORA:1CA16613DD7E", "FEDORA:1EFAB60ACFB0", "FEDORA:2281662F1093", "FEDORA:22CA86022BDC", "FEDORA:250CB6087A80", "FEDORA:25BDD6190ECF", "FEDORA:29049600CFF3", "FEDORA:29FCE65ECD33", "FEDORA:2C5386075B25", "FEDORA:2C89F6167407", "FEDORA:3266960F0E44", "FEDORA:353CF60468D9", "FEDORA:37B8362B00D0", "FEDORA:3CB7960A4420", "FEDORA:3ED26601CEE3", "FEDORA:3F23C623C260", "FEDORA:3FBD8604970A", "FEDORA:41B546014626", "FEDORA:42DA3601FD86", "FEDORA:44065605602A", "FEDORA:45707604CD90", "FEDORA:4832F6079717", "FEDORA:49B5A60CADB6", "FEDORA:4D5AD601FDAC", "FEDORA:4FA016419F1F", "FEDORA:50E6E6087656", "FEDORA:5267F604C2BD", "FEDORA:5591D601DA24", "FEDORA:5639D6406A44", "FEDORA:5A77C60200D2", "FEDORA:5AA3D60505E7", "FEDORA:5D742610B071", "FEDORA:5DE3B649CE94", "FEDORA:621A2609A69C", "FEDORA:660AA642E1AC", "FEDORA:66C72604D404", "FEDORA:67E46607601A", "FEDORA:6A9A16095B29", "FEDORA:6B39A60C690C", "FEDORA:6B66A6047312", "FEDORA:6CE076015F62", "FEDORA:6E66862A5C82", "FEDORA:6EC6360BEA04", "FEDORA:728DA604CD72", "FEDORA:7312F6087A09", "FEDORA:73C3960CDDB3", "FEDORA:73C6F628E99A", "FEDORA:7640C641CB61", "FEDORA:853AD608EC23", "FEDORA:87BD56087904", "FEDORA:8AE5E604E213", "FEDORA:8EA746050C5D", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:9145860769FE", "FEDORA:9301E6076020", "FEDORA:958BD626BB06", "FEDORA:95A686085F81", "FEDORA:98315602F10D", "FEDORA:9E3D9606D195", "FEDORA:A02E3603EB55", "FEDORA:A25EF60DC572", "FEDORA:AB5346014BB3", "FEDORA:AC7FC600CFCA", "FEDORA:AEECE6075DBF", "FEDORA:AF94A602D551", "FEDORA:AFDBD60E76E0", "FEDORA:B1E3A608B7EA", "FEDORA:B395E6087A9D", "FEDORA:B54D264CBCAC", "FEDORA:B7EFE60A96DB", "FEDORA:B803860875BB", "FEDORA:BB798601F379", "FEDORA:BBFE360460D0", "FEDORA:BBFF6604C5CA", "FEDORA:BCAE760875D9", "FEDORA:BD35260BC96F", "FEDORA:BF6FF60A96DE", "FEDORA:BFFEE66469AF", "FEDORA:C15126057704", "FEDORA:C2B146042816", "FEDORA:C49D061F375F", "FEDORA:C64AE6007F37", "FEDORA:C65F560874BD", "FEDORA:C73F2604D4D2", "FEDORA:C7A34627CF63", "FEDORA:C8DAB604A066", "FEDORA:C8F726082DB8", "FEDORA:CCD4F6098DDD", "FEDORA:CF3446076A16", "FEDORA:CF8B162C3B99", "FEDORA:D013361742CE", "FEDORA:D208C60874AA", "FEDORA:D5F726042B1F", "FEDORA:D6CAE607A456", "FEDORA:D6F86601E6D9", "FEDORA:DB978619EB1C", "FEDORA:DEA206060997", "FEDORA:DF5176048167", "FEDORA:DFCF964B861F", "FEDORA:E101E601FC0D", "FEDORA:E452E6021791", "FEDORA:E5291607602A", "FEDORA:E655260321A8", "FEDORA:E6F08605DCE7", "FEDORA:E6FC960603E5", "FEDORA:E93AE6077DCD", "FEDORA:EA819610425D", "FEDORA:EAC7F6435E1F", "FEDORA:EBB026048D2E", "FEDORA:EC9E0604D409", "FEDORA:ED949601E6EB", "FEDORA:F1BAF600CBF3"]}, {"type": "fortinet", "idList": ["FG-IR-18-002"]}, {"type": "freebsd", "idList": ["3679FD10-C5D1-11E5-B85F-0018FE623F2B", "3BB451FC-DB64-11E7-AC58-B499BAEBFEAF", "521CE804-52FD-11E8-9123-A4BADB2F4699", "6D33B3E5-EA03-11E5-85BE-14DAE9D210B8", "7B5A8E3B-52CC-11E8-8C7A-9C5C8E75236A", "9442A811-DAB3-11E7-B5AF-A4BADB2F4699", "B7CFF5A9-31CC-11E8-8F07-B499BAEBFEAF", "BEA84A7A-E0C9-11E7-B4F3-11BAA0C2DF21"]}, {"type": "gentoo", "idList": ["GLSA-201712-03", "GLSA-201802-04", "GLSA-201806-01", "GLSA-201908-03", "GLSA-201908-10"]}, {"type": "github", "idList": ["GHSA-P66X-2CV9-QQ3V"]}, {"type": "githubexploit", "idList": ["106B0836-A998-5B63-9B7B-F2F8BBD8BE02"]}, {"type": "hackerone", "idList": ["H1:113288"]}, {"type": "hp", "idList": ["HP:C05869091", "HP:C06001626"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20170503-01-OPENSSL"]}, {"type": "ibm", "idList": ["002EEB5F5A7739989BC247DF814D8328529073722D1EAF6319232F8412E43B85", "015CED4DD111438880FFDB361B30E09A12892E262FEEA8F7178F7A49BBE7D4D2", "06FAF3AD79C8BAC8455C602C3F4C354C0CD9450DE060FB4D831ED000993782B4", "0C9BE2F3A245999460BB6BC497E21EC27992E79FB4C1D769E6D1CF729AB33300", "1BFF63EB8AF39056E08427B06D34E43B32E43FBCC74FB2A85F32E708984FD60F", "1FDBEC12027C052441E05FC3350A429DBB3A5C9A3D9891A4F100ED317B0CEB5A", "23BA9E1A95485FDA5113C5A985FFBA48AD2E78665BA734F9E465CCC361105BD6", "2E5FBC98B3C629E550C399A69E443EC94829D2F3063DEF6F05348CD44D0F724E", "2EB239F42D6D7C7FA19DB2D44FE26391F190CD35DED01956174DF034F07EE7DC", "37F93777210D3E697FEE1FFB9F1F24D00587BEB90F69BC2D11101BE949FE12E9", "3BFC02506D924F46EA7B9C86C9E7F382E6D73A7B3DDA37606C182206F17ACE06", "43ECF7C36D1E6DC475530D2CB5DF6E2047C49DC8E177CF79FA363DF0831764BB", "4BAA7DBBD4B519F5509C540F33D2C614C19A50E6429F416A1527257CB1B7FED5", "4F11DD6523020C1FA257E50F0A4716068E2DCD481F4DADFA60B120A57FED7EDA", "5214260A34ECCA2D36292BFC4C11147683CAC684BD8D0972FA94B6DB1BB05B35", "54FB6726805D886796865FF32608051BEE914B969DCB3300B1E662574A92A04E", "5641564DE1A4B9249AC0EED2F265EE204961C428F093EC99321D93DA0AA23C3E", "5A23BE34322F36780B2821378B1628B3331997E99E3A9C4B3B0067399EEBC3F5", "68710C7D1422E8076FFFEF97AF274F1C068F8CFAE0F3C86E3B98912A66B2C725", "6F2C088BF5D78FB804760981ACFE38C9CC104BC5F9390812E5D324682512AD45", "710FF5E1CB4D611BE20AFA763A2E55BD61CA0C044D0A9E4193229B1B1B213877", "7545FC6960BC08536BD63AD777890D26CE8FBACF18C55DCC74C636085DAC612B", "7AE0AD6D1DAB3FC37214E1A0FCAC4D74DD7278E9BEEC70EEF549EC606CF6A798", "7C036BF77327D3E6C047144AB3972D81892E537DECEAE5F85E24B96C2ADE9094", "7D46658778E442AD0D43B74E767B5638C73A3147A2AD662C6A1BAB31343A96D2", "7E4E851053AF5C2BFADF66AC8494971BF986538EB9E1BEE4C5D8B83D2DB1BBB0", "851927E9A914702A95EEA9454001ADE50D174413B1489EE879B6F7BC31E5784D", "8649193431A71228BC32B0BD78D31629CEE17377E0FEA3B72BFEBEC9E8B5F648", "8F771C1B03F309F552230FCF042B549ADB2FE67E37C0688ACFB548541496FA72", "926CD83AAB7DA7EA60F3ED2C60C4D2004D06E2189562B75111B63EE52FE070C2", "97CD369EB3BCCC1F7A3B67233E2738504AF5A0BF28934C3143213BC44F6DEDFB", "9C6F1EFD064B98941F8B42A32A91BAB15206AC55CF09BF3BAAA5925A1B9B55C9", "9CCEB90B89301ED91DF7A501EF3103FD54D3AD611D342CF6E4B19E5105E84E35", "A1CC6562C17E5EC673E948D2A2BDC81B95358B992FF6307244AB513E68831007", "AC5DE01326AFA37CBA7F799502684F57AF3D9271EC49734648DB7797522AF2E8", "AF5AF2A578A7118F2477417E83C253B847D9473AB4D5335D10C898EEA7AE242B", "AF9DB0439D110F652A027B6F18E95DF66F97E9C31482C2B607F9689B0C161D83", "B0ED0D04FEC73A0B0845B961BA35881F186789F8B230B6093E23AC1722054473", "B112C9607CBD35998B2830CA02C7C8517B31FED66C516BE791DE3D1647980CB8", "BA3D871218C7EC154D3DA60B65F47B45FC02B640ABAA3BFF2DBE9F1ADAE1DADF", "BC9A237881D6D4DE9A21F7866E0ABDAC309C2B830312FAF19B7C83460899BF25", "C210DB4F68E45B14B945F03E927903ECBDD3FE9752D07BE050AA1247BFD07911", "C5E4DDCF2EC3310E2973CCC9C9ACCFCDDF92BEA5B6B97D98A29F2B8106A555D2", "CE45F65F8AEB5D90A862CD5EED3436A723C247870C58DCCBC1C00E5D1F237D54", "D0F90FC02DF0C56E6BD132E8B2615B5F33AB5CF670A65189CA520A94D2F35C9A", "D3FC4C864CD97E270FAC4CBCEABAE2B03B9602F6B255BA3A99D42C24F57C6E4F", "D6240400034A298813BFD7CEB1643211EFCAF06767C7860BA5B6E4F9B2C55421", "ECD78CCFAD199384A2E1B0251EC051113AB96CA42C9B3451D235C36A2FB281C6", "EFC96C84FC6627E09277E1FB61859CD2CA1859DFD91107C5D299A533D68503BF", "F0864C914EFB62F7C48822F52BDF423B57466738327736DD211AEFBE34B7C109", "F46A4C43F77DC9BD8DC54150842759039BC0DD99D85EC00E2DEF629A08702F73", "F5D5AAF38F45575DCEBF7AD5E9B3D25AA8678ED2972A091BF0082B881BDC74A4", "F67202ED75BF1CA0B053A0700C443140838D02D55D86E69A476756009FE7F8BB", "FDE8E9C242ED2D257B3BCF9E013CB6CFC32441C70BF5803FE16A714EDE9E7DFB", "FE0CD9D782041746DBFBA9DFD5A169C98E21DF40D5DB566AD15D9898EFE9D6E4"]}, {"type": "ics", "idList": ["ICSMA-20-184-01"]}, {"type": "intothesymmetry", "idList": ["INTOTHESYMMETRY:E90923CAE21ADFC423A96B462BCBC0DF"]}, {"type": "jvn", "idList": ["JVN:91383083"]}, {"type": "kaspersky", "idList": ["KLA11178", "KLA11179", "KLA11234", "KLA11241", "KLA11253", "KLA11258"]}, {"type": "lenovo", "idList": ["LENOVO:PS500167-NOSID", "LENOVO:PS500174-NOSID"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/LOCAL/MOV_SS", "MSF:ILITIES/CISCO-NX-OS-CISCO-SA-20180824-LINUX-IP-FRAGMENT/", "MSF:ILITIES/ORACLE_LINUX-CVE-2017-3738/", "MSF:ILITIES/REDHAT_LINUX-CVE-2016-9396/"]}, {"type": "mscve", "idList": ["MS:ADV190013"]}, {"type": "mskb", "idList": ["KB4338830", "KB4467708", "KB4480972"]}, {"type": "nessus", "idList": ["700511.PRM", "AIX_IJ05818.NASL", "AIX_IJ05820.NASL", "AIX_IJ05821.NASL", "AIX_IJ05822.NASL", "AIX_IJ05823.NASL", "AIX_IJ05824.NASL", "AIX_IJ05826.NASL", "AL2_ALAS-2018-1010.NASL", "AL2_ALAS-2018-1023.NASL", "AL2_ALAS-2018-1058.NASL", "AL2_ALAS-2018-949.NASL", "AL2_ALAS-2018-961.NASL", "AL2_ALAS-2018-971.NASL", "AL2_ALAS-2018-994.NASL", "ALA_ALAS-2017-816.NASL", "ALA_ALAS-2018-1003.NASL", "ALA_ALAS-2018-1023.NASL", "ALA_ALAS-2018-1058.NASL", "ALA_ALAS-2018-949.NASL", "CENTOS_RHSA-2017-3071.NASL", "CENTOS_RHSA-2018-0095.NASL", "CENTOS_RHSA-2018-0260.NASL", "CENTOS_RHSA-2018-0666.NASL", "CENTOS_RHSA-2018-0855.NASL", "CENTOS_RHSA-2018-0998.NASL", "CENTOS_RHSA-2018-1318.NASL", "CENTOS_RHSA-2018-1319.NASL", "CENTOS_RHSA-2018-1629.NASL", "CENTOS_RHSA-2018-1632.NASL", "CENTOS_RHSA-2018-1633.NASL", "CENTOS_RHSA-2018-1647.NASL", "CENTOS_RHSA-2018-1648.NASL", "CENTOS_RHSA-2018-1649.NASL", "CENTOS_RHSA-2018-1650.NASL", "CENTOS_RHSA-2018-1651.NASL", "CENTOS_RHSA-2018-1660.NASL", "CENTOS_RHSA-2018-1669.NASL", "CENTOS_RHSA-2018-2162.NASL", "CENTOS_RHSA-2018-2164.NASL", "CENTOS_RHSA-2018-2846.NASL", "CITRIX_XENSERVER_CTX234679.NASL", "CITRIX_XENSERVER_CTX235225.NASL", "DEBIAN_DLA-1200.NASL", "DEBIAN_DLA-1369.NASL", "DEBIAN_DLA-1375.NASL", "DEBIAN_DLA-1383.NASL", "DEBIAN_DLA-1466.NASL", "DEBIAN_DLA-1506.NASL", "DEBIAN_DLA-1519.NASL", "DEBIAN_DLA-1520.NASL", "DEBIAN_DSA-4065.NASL", "DEBIAN_DSA-4082.NASL", "DEBIAN_DSA-4187.NASL", "DEBIAN_DSA-4188.NASL", "DEBIAN_DSA-4195.NASL", "DEBIAN_DSA-4196.NASL", "DEBIAN_DSA-4201.NASL", "DEBIAN_DSA-4210.NASL", "DEBIAN_DSA-4272.NASL", "DEBIAN_DSA-4273.NASL", "DEBIAN_DSA-4306.NASL", "DEBIAN_DSA-4307.NASL", "EULEROS_SA-2018-1026.NASL", "EULEROS_SA-2018-1027.NASL", "EULEROS_SA-2018-1028.NASL", "EULEROS_SA-2018-1115.NASL", "EULEROS_SA-2018-1119.NASL", "EULEROS_SA-2018-1120.NASL", "EULEROS_SA-2018-1121.NASL", "EULEROS_SA-2018-1132.NASL", "EULEROS_SA-2018-1133.NASL", "EULEROS_SA-2018-1153.NASL", "EULEROS_SA-2018-1234.NASL", "EULEROS_SA-2018-1243.NASL", "EULEROS_SA-2018-1256.NASL", "EULEROS_SA-2018-1260.NASL", "EULEROS_SA-2018-1263.NASL", "EULEROS_SA-2018-1264.NASL", "EULEROS_SA-2018-1265.NASL", "EULEROS_SA-2018-1266.NASL", "EULEROS_SA-2018-1267.NASL", "EULEROS_SA-2018-1270.NASL", "EULEROS_SA-2018-1271.NASL", "EULEROS_SA-2018-1315.NASL", "EULEROS_SA-2018-1316.NASL", "EULEROS_SA-2019-1537.NASL", "EULEROS_SA-2020-1394.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2566.NASL", "F5_BIGIP_SOL02951273.NASL", "F5_BIGIP_SOL07082049.NASL", "F5_BIGIP_SOL14363514.NASL", "F5_BIGIP_SOL44512851.NASL", "F5_BIGIP_SOL96670746.NASL", "FEDORA_2016-1AAF308DE4.NASL", "FEDORA_2016-2802690366.NASL", "FEDORA_2016-7C48036D73.NASL", "FEDORA_2016-E6807B3394.NASL", "FEDORA_2017-0D3FDD3D1F.NASL", "FEDORA_2017-15819D2C37.NASL", "FEDORA_2017-20D54B2782.NASL", "FEDORA_2017-2C63DF4FE3.NASL", "FEDORA_2017-72323A442F.NASL", "FEDORA_2017-769793738F.NASL", "FEDORA_2018-04D49A1804.NASL", "FEDORA_2018-29EBBA0906.NASL", "FEDORA_2018-391A1F3E61.NASL", "FEDORA_2018-6367A17AA3.NASL", "FEDORA_2018-7CD077DDD3.NASL", "FEDORA_2018-875AFEBB87.NASL", "FEDORA_2018-8E27AD96ED.NASL", "FEDORA_2018-93C2E74446.NASL", "FEDORA_2018-98684F429B.NASL", "FEDORA_2018-E6DF7FCF75.NASL", "FEDORA_2018-F29459149A.NASL", "FEDORA_2020-D14280A6E8.NASL", "FREEBSD_PKG_3BB451FCDB6411E7AC58B499BAEBFEAF.NASL", "FREEBSD_PKG_3F3837CC48FB4414AA465B1C23C9FEAE.NASL", "FREEBSD_PKG_521CE80452FD11E89123A4BADB2F4699.NASL", "FREEBSD_PKG_6D33B3E5EA0311E585BE14DAE9D210B8.NASL", "FREEBSD_PKG_7B5A8E3B52CC11E88C7A9C5C8E75236A.NASL", "FREEBSD_PKG_9442A811DAB311E7B5AFA4BADB2F4699.NASL", "FREEBSD_PKG_BEA84A7AE0C911E7B4F311BAA0C2DF21.NASL", "GENTOO_GLSA-201712-03.NASL", "GENTOO_GLSA-201802-04.NASL", "GENTOO_GLSA-201806-01.NASL", "MYSQL_5_6_39.NASL", "MYSQL_5_6_39_RPM.NASL", "MYSQL_5_7_21_RPM.NASL", "NEWSTART_CGSL_NS-SA-2019-0132_LIBVIRT.NASL", "NEWSTART_CGSL_NS-SA-2019-0137_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0142_GLIBC.NASL", "NEWSTART_CGSL_NS-SA-2019-0142_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0143_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0146_JAVA-1.8.0-OPENJDK.NASL", "OPENSSL_1_0_2N.NASL", "OPENSUSE-2016-288.NASL", "OPENSUSE-2016-289.NASL", "OPENSUSE-2016-607.NASL", "OPENSUSE-2017-1324.NASL", "OPENSUSE-2017-1390.NASL", "OPENSUSE-2017-1391.NASL", "OPENSUSE-2017-511.NASL", "OPENSUSE-2018-1001.NASL", "OPENSUSE-2018-1049.NASL", "OPENSUSE-2018-1092.NASL", "OPENSUSE-2018-1138.NASL", "OPENSUSE-2018-1143.NASL", "OPENSUSE-2018-116.NASL", "OPENSUSE-2018-117.NASL", "OPENSUSE-2018-184.NASL", "OPENSUSE-2018-30.NASL", "OPENSUSE-2018-389.NASL", "OPENSUSE-2018-454.NASL", "OPENSUSE-2018-488.NASL", "OPENSUSE-2018-489.NASL", "OPENSUSE-2018-5.NASL", "OPENSUSE-2018-514.NASL", "OPENSUSE-2018-515.NASL", "OPENSUSE-2018-547.NASL", "OPENSUSE-2018-885.NASL", "OPENSUSE-2018-886.NASL", "OPENSUSE-2018-887.NASL", "OPENSUSE-2018-894.NASL", "OPENSUSE-2018-90.NASL", "OPENSUSE-2019-1315.NASL", "OPENSUSE-2019-1438.NASL", "OPENSUSE-2019-1439.NASL", "OPENSUSE-2019-1530.NASL", "OPENSUSE-2019-274.NASL", "OPENSUSE-2019-398.NASL", "OPENSUSE-2019-418.NASL", "OPENSUSE-2019-424.NASL", "OPENSUSE-2019-426.NASL", "OPENSUSE-2019-510.NASL", "OPENSUSE-2019-570.NASL", "OPENSUSE-2019-575.NASL", "OPENSUSE-2019-618.NASL", "OPENSUSE-2019-620.NASL", "OPENSUSE-2019-622.NASL", "OPENSUSE-2019-746.NASL", "OPENSUSE-2019-774.NASL", "OPENSUSE-2019-818.NASL", "OPENSUSE-2019-909.NASL", "ORACLELINUX_ELSA-2017-3071.NASL", "ORACLELINUX_ELSA-2018-0095.NASL", "ORACLELINUX_ELSA-2018-0260.NASL", "ORACLELINUX_ELSA-2018-0349.NASL", "ORACLELINUX_ELSA-2018-0666.NASL", "ORACLELINUX_ELSA-2018-0855.NASL", "ORACLELINUX_ELSA-2018-0998.NASL", "ORACLELINUX_ELSA-2018-1318.NASL", "ORACLELINUX_ELSA-2018-1319.NASL", "ORACLELINUX_ELSA-2018-1629.NASL", "ORACLELINUX_ELSA-2018-1632.NASL", "ORACLELINUX_ELSA-2018-1633.NASL", "ORACLELINUX_ELSA-2018-1647.NASL", "ORACLELINUX_ELSA-2018-1648.NASL", "ORACLELINUX_ELSA-2018-1649.NASL", "ORACLELINUX_ELSA-2018-1650.NASL", "ORACLELINUX_ELSA-2018-1651.NASL", "ORACLELINUX_ELSA-2018-1660.NASL", "ORACLELINUX_ELSA-2018-1669.NASL", "ORACLELINUX_ELSA-2018-2162.NASL", "ORACLELINUX_ELSA-2018-2164.NASL", "ORACLELINUX_ELSA-2018-2846.NASL", "ORACLELINUX_ELSA-2018-4017.NASL", "ORACLELINUX_ELSA-2018-4071.NASL", "ORACLELINUX_ELSA-2018-4096.NASL", "ORACLELINUX_ELSA-2018-4097.NASL", "ORACLELINUX_ELSA-2018-4098.NASL", "ORACLELINUX_ELSA-2018-4108.NASL", "ORACLELINUX_ELSA-2018-4114.NASL", "ORACLELINUX_ELSA-2018-4131.NASL", "ORACLELINUX_ELSA-2018-4161.NASL", "ORACLELINUX_ELSA-2018-4195.NASL", "ORACLEVM_OVMSA-2018-0012.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "ORACLEVM_OVMSA-2018-0035.NASL", "ORACLEVM_OVMSA-2018-0040.NASL", "ORACLEVM_OVMSA-2018-0041.NASL", "ORACLEVM_OVMSA-2018-0218.NASL", "ORACLEVM_OVMSA-2018-0219.NASL", "ORACLEVM_OVMSA-2018-0221.NASL", "ORACLEVM_OVMSA-2018-0223.NASL", "ORACLEVM_OVMSA-2018-0228.NASL", "ORACLEVM_OVMSA-2018-0236.NASL", "ORACLEVM_OVMSA-2018-0238.NASL", "ORACLEVM_OVMSA-2018-0248.NASL", "ORACLE_E-BUSINESS_CPU_JAN_2018.NASL", "ORACLE_ENTERPRISE_MANAGER_APR_2018_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_APR_2019_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL", "ORACLE_JROCKIT_CPU_APR_2018.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_APR_2021.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2018_CPU.NASL", "ORACLE_TUXEDO_CPU_APR_2018.NASL", "PFSENSE_SA-17_04.NASL", "PFSENSE_SA-17_11.NASL", "PHOTONOS_PHSA-2017-0041.NASL", "PHOTONOS_PHSA-2017-0042.NASL", "PHOTONOS_PHSA-2017-0048.NASL", "PHOTONOS_PHSA-2017-1_0-0093.NASL", "PHOTONOS_PHSA-2017-1_0-0095.NASL", "PHOTONOS_PHSA-2017-2_0-0008.NASL", "PHOTONOS_PHSA-2018-1_0-0097-A.NASL", "PHOTONOS_PHSA-2018-1_0-0101.NASL", "PHOTONOS_PHSA-2018-1_0-0130.NASL", "PHOTONOS_PHSA-2018-1_0-0132-A.NASL", "PHOTONOS_PHSA-2018-1_0-0177.NASL", "PHOTONOS_PHSA-2018-2_0-0076.NASL", "PHOTONOS_PHSA-2018-2_0-0077.NASL", "PHOTONOS_PHSA-2020-1_0-0290_OPENJDK11.NASL", "PHOTONOS_PHSA-2020-3_0-0084_OPENJDK11.NASL", "REDHAT-RHSA-2017-3071.NASL", "REDHAT-RHSA-2018-0095.NASL", "REDHAT-RHSA-2018-0099.NASL", "REDHAT-RHSA-2018-0100.NASL", "REDHAT-RHSA-2018-0115.NASL", "REDHAT-RHSA-2018-0260.NASL", "REDHAT-RHSA-2018-0349.NASL", "REDHAT-RHSA-2018-0351.NASL", "REDHAT-RHSA-2018-0352.NASL", "REDHAT-RHSA-2018-1130.NASL", "REDHAT-RHSA-2018-1170.NASL", "REDHAT-RHSA-2018-1203.NASL", "REDHAT-RHSA-2018-1205.NASL", "REDHAT-RHSA-2018-1318.NASL", "REDHAT-RHSA-2018-1319.NASL", "REDHAT-RHSA-2018-1345.NASL", "REDHAT-RHSA-2018-1346.NASL", "REDHAT-RHSA-2018-1347.NASL", "REDHAT-RHSA-2018-1348.NASL", "REDHAT-RHSA-2018-1349.NASL", "REDHAT-RHSA-2018-1350.NASL", "REDHAT-RHSA-2018-1351.NASL", "REDHAT-RHSA-2018-1354.NASL", "REDHAT-RHSA-2018-1355.NASL", "REDHAT-RHSA-2018-1374.NASL", "REDHAT-RHSA-2018-1463.NASL", "REDHAT-RHSA-2018-1524.NASL", "REDHAT-RHSA-2018-1629.NASL", "REDHAT-RHSA-2018-1630.NASL", "REDHAT-RHSA-2018-1632.NASL", "REDHAT-RHSA-2018-1633.NASL", "REDHAT-RHSA-2018-1635.NASL", "REDHAT-RHSA-2018-1636.NASL", "REDHAT-RHSA-2018-1637.NASL", "REDHAT-RHSA-2018-1638.NASL", "REDHAT-RHSA-2018-1639.NASL", "REDHAT-RHSA-2018-1640.NASL", "REDHAT-RHSA-2018-1641.NASL", "REDHAT-RHSA-2018-1642.NASL", "REDHAT-RHSA-2018-1647.NASL", "REDHAT-RHSA-2018-1648.NASL", "REDHAT-RHSA-2018-1649.NASL", "REDHAT-RHSA-2018-1650.NASL", "REDHAT-RHSA-2018-1651.NASL", "REDHAT-RHSA-2018-1652.NASL", "REDHAT-RHSA-2018-1653.NASL", "REDHAT-RHSA-2018-1654.NASL", "REDHAT-RHSA-2018-1655.NASL", "REDHAT-RHSA-2018-1656.NASL", "REDHAT-RHSA-2018-1657.NASL", "REDHAT-RHSA-2018-1658.NASL", "REDHAT-RHSA-2018-1659.NASL", "REDHAT-RHSA-2018-1660.NASL", "REDHAT-RHSA-2018-1661.NASL", "REDHAT-RHSA-2018-1662.NASL", "REDHAT-RHSA-2018-1663.NASL", "REDHAT-RHSA-2018-1664.NASL", "REDHAT-RHSA-2018-1665.NASL", "REDHAT-RHSA-2018-1666.NASL", "REDHAT-RHSA-2018-1667.NASL", "REDHAT-RHSA-2018-1668.NASL", "REDHAT-RHSA-2018-1669.NASL", "REDHAT-RHSA-2018-1674.NASL", "REDHAT-RHSA-2018-1675.NASL", "REDHAT-RHSA-2018-1676.NASL", "REDHAT-RHSA-2018-1688.NASL", "REDHAT-RHSA-2018-1689.NASL", "REDHAT-RHSA-2018-1690.NASL", "REDHAT-RHSA-2018-1696.NASL", "REDHAT-RHSA-2018-1710.NASL", "REDHAT-RHSA-2018-1711.NASL", "REDHAT-RHSA-2018-1721.NASL", "REDHAT-RHSA-2018-1722.NASL", "REDHAT-RHSA-2018-1723.NASL", "REDHAT-RHSA-2018-1724.NASL", "REDHAT-RHSA-2018-1737.NASL", "REDHAT-RHSA-2018-1738.NASL", "REDHAT-RHSA-2018-1826.NASL", "REDHAT-RHSA-2018-1879.NASL", "REDHAT-RHSA-2018-2161.NASL", "REDHAT-RHSA-2018-2162.NASL", "REDHAT-RHSA-2018-2164.NASL", "REDHAT-RHSA-2018-2387.NASL", "REDHAT-RHSA-2018-2394.NASL", "REDHAT-RHSA-2018-2396.NASL", "REDHAT-RHSA-2018-2712.NASL", "REDHAT-RHSA-2018-2785.NASL", "REDHAT-RHSA-2018-2791.NASL", "REDHAT-RHSA-2018-2846.NASL", "REDHAT-RHSA-2018-2924.NASL", "REDHAT-RHSA-2018-2933.NASL", "REDHAT-RHSA-2019-1046.NASL", "REDHAT-RHSA-2019-1170.NASL", "REDHAT-RHSA-2019-1190.NASL", "REDHAT-RHSA-2020-1268.NASL", "REDHAT-RHSA-2020-1346.NASL", "SECURITYCENTER_5_4_3_TNS_2017_04.NASL", "SECURITYCENTER_OPENSSL_1_0_2N.NASL", "SLACKWARE_SSA_2016-062-02.NASL", "SLACKWARE_SSA_2017-112-02.NASL", "SLACKWARE_SSA_2017-342-01.NASL", "SLACKWARE_SSA_2018-129-02.NASL", "SL_20171026_NTP_ON_SL6_X.NASL", "SL_20180117_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20180131_SYSTEMD_ON_SL7_X.NASL", "SL_20180226_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20180410_KRB5_ON_SL7_X.NASL", "SL_20180410_NTP_ON_SL7_X.NASL", "SL_20180410_OPENSSL_ON_SL7_X.NASL", "SL_20180508_KERNEL_ON_SL6_X.NASL", "SL_20180508_KERNEL_ON_SL7_X.NASL", "SL_20180521_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20180521_QEMU_KVM_ON_SL6_X.NASL", "SL_20180522_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL", "SL_20180522_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20180522_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20180522_KERNEL_ON_SL6_X.NASL", "SL_20180522_KERNEL_ON_SL7_X.NASL", "SL_20180522_LIBVIRT_ON_SL6_X.NASL", "SL_20180522_LIBVIRT_ON_SL7_X.NASL", "SL_20180522_QEMU_KVM_ON_SL7_X.NASL", "SL_20180710_KERNEL_ON_SL6_X.NASL", "SL_20180710_QEMU_KVM_ON_SL6_X.NASL", "SL_20181009_KERNEL_ON_SL6_X.NASL", "SMB_NT_MS18_MAY_4103725.NASL", "SUSE_SU-2017-1047-1.NASL", "SUSE_SU-2017-1048-1.NASL", "SUSE_SU-2017-1052-1.NASL", "SUSE_SU-2017-3169-1.NASL", "SUSE_SU-2017-3225-1.NASL", "SUSE_SU-2017-3226-1.NASL", "SUSE_SU-2017-3287-1.NASL", "SUSE_SU-2017-3289-1.NASL", "SUSE_SU-2017-3293-1.NASL", "SUSE_SU-2017-3299-1.NASL", "SUSE_SU-2017-3301-1.NASL", "SUSE_SU-2017-3302-1.NASL", "SUSE_SU-2017-3303-1.NASL", "SUSE_SU-2017-3304-1.NASL", "SUSE_SU-2017-3305-1.NASL", "SUSE_SU-2017-3307-1.NASL", "SUSE_SU-2017-3308-1.NASL", "SUSE_SU-2017-3309-1.NASL", "SUSE_SU-2017-3312-1.NASL", "SUSE_SU-2017-3313-1.NASL", "SUSE_SU-2017-3316-1.NASL", "SUSE_SU-2017-3318-1.NASL", "SUSE_SU-2017-3320-1.NASL", "SUSE_SU-2017-3321-1.NASL", "SUSE_SU-2017-3322-1.NASL", "SUSE_SU-2017-3323-1.NASL", "SUSE_SU-2017-3332-1.NASL", "SUSE_SU-2017-3336-1.NASL", "SUSE_SU-2017-3337-1.NASL", "SUSE_SU-2017-3338-1.NASL", "SUSE_SU-2017-3340-1.NASL", "SUSE_SU-2018-0040-1.NASL", "SUSE_SU-2018-0053-1.NASL", "SUSE_SU-2018-0074-1.NASL", "SUSE_SU-2018-0237-1.NASL", "SUSE_SU-2018-0238-1.NASL", "SUSE_SU-2018-0239-1.NASL", "SUSE_SU-2018-0240-1.NASL", "SUSE_SU-2018-0241-1.NASL", "SUSE_SU-2018-0242-1.NASL", "SUSE_SU-2018-0244-1.NASL", "SUSE_SU-2018-0245-1.NASL", "SUSE_SU-2018-0249-1.NASL", "SUSE_SU-2018-0250-1.NASL", "SUSE_SU-2018-0251-1.NASL", "SUSE_SU-2018-0252-1.NASL", "SUSE_SU-2018-0253-1.NASL", "SUSE_SU-2018-0265-1.NASL", "SUSE_SU-2018-0266-1.NASL", "SUSE_SU-2018-0268-1.NASL", "SUSE_SU-2018-0270-1.NASL", "SUSE_SU-2018-0271-1.NASL", "SUSE_SU-2018-0274-1.NASL", "SUSE_SU-2018-0275-1.NASL", "SUSE_SU-2018-0276-1.NASL", "SUSE_SU-2018-0299-1.NASL", "SUSE_SU-2018-0339-1.NASL", "SUSE_SU-2018-0383-1.NASL", "SUSE_SU-2018-0416-1.NASL", "SUSE_SU-2018-0451-1.NASL", "SUSE_SU-2018-0555-1.NASL", "SUSE_SU-2018-0848-1.NASL", "SUSE_SU-2018-0988-1.NASL", "SUSE_SU-2018-0989-1.NASL", "SUSE_SU-2018-0990-1.NASL", "SUSE_SU-2018-0992-1.NASL", "SUSE_SU-2018-0993-1.NASL", "SUSE_SU-2018-0994-1.NASL", "SUSE_SU-2018-0995-1.NASL", "SUSE_SU-2018-0996-1.NASL", "SUSE_SU-2018-0999-1.NASL", "SUSE_SU-2018-1000-1.NASL", "SUSE_SU-2018-1001-1.NASL", "SUSE_SU-2018-1003-1.NASL", "SUSE_SU-2018-1004-1.NASL", "SUSE_SU-2018-1005-1.NASL", "SUSE_SU-2018-1006-1.NASL", "SUSE_SU-2018-1007-1.NASL", "SUSE_SU-2018-1008-1.NASL", "SUSE_SU-2018-1009-1.NASL", "SUSE_SU-2018-1010-1.NASL", "SUSE_SU-2018-1011-1.NASL", "SUSE_SU-2018-1012-1.NASL", "SUSE_SU-2018-1014-1.NASL", "SUSE_SU-2018-1015-1.NASL", "SUSE_SU-2018-1016-1.NASL", "SUSE_SU-2018-1018-1.NASL", "SUSE_SU-2018-1019-1.NASL", "SUSE_SU-2018-1021-1.NASL", "SUSE_SU-2018-1023-1.NASL", "SUSE_SU-2018-1025-1.NASL", "SUSE_SU-2018-1026-1.NASL", "SUSE_SU-2018-1029-1.NASL", "SUSE_SU-2018-1030-1.NASL", "SUSE_SU-2018-1031-1.NASL", "SUSE_SU-2018-1032-1.NASL", "SUSE_SU-2018-1033-1.NASL", "SUSE_SU-2018-1034-1.NASL", "SUSE_SU-2018-1048-1.NASL", "SUSE_SU-2018-1171-1.NASL", "SUSE_SU-2018-1173-1.NASL", "SUSE_SU-2018-1177-1.NASL", "SUSE_SU-2018-1181-1.NASL", "SUSE_SU-2018-1184-1.NASL", "SUSE_SU-2018-1202-1.NASL", "SUSE_SU-2018-1203-1.NASL", "SUSE_SU-2018-1216-1.NASL", "SUSE_SU-2018-1220-1.NASL", "SUSE_SU-2018-1221-1.NASL", "SUSE_SU-2018-1222-1.NASL", "SUSE_SU-2018-1223-1.NASL", "SUSE_SU-2018-1224-1.NASL", "SUSE_SU-2018-1226-1.NASL", "SUSE_SU-2018-1227-1.NASL", "SUSE_SU-2018-1229-1.NASL", "SUSE_SU-2018-1230-1.NASL", "SUSE_SU-2018-1231-1.NASL", "SUSE_SU-2018-1232-1.NASL", "SUSE_SU-2018-1233-1.NASL", "SUSE_SU-2018-1234-1.NASL", "SUSE_SU-2018-1235-1.NASL", "SUSE_SU-2018-1236-1.NASL", "SUSE_SU-2018-1237-1.NASL", "SUSE_SU-2018-1239-1.NASL", "SUSE_SU-2018-1241-1.NASL", "SUSE_SU-2018-1242-1.NASL", "SUSE_SU-2018-1243-1.NASL", "SUSE_SU-2018-1244-1.NASL", "SUSE_SU-2018-1245-1.NASL", "SUSE_SU-2018-1247-1.NASL", "SUSE_SU-2018-1250-1.NASL", "SUSE_SU-2018-1251-1.NASL", "SUSE_SU-2018-1253-1.NASL", "SUSE_SU-2018-1254-1.NASL", "SUSE_SU-2018-1255-1.NASL", "SUSE_SU-2018-1256-1.NASL", "SUSE_SU-2018-1257-1.NASL", "SUSE_SU-2018-1258-1.NASL", "SUSE_SU-2018-1259-1.NASL", "SUSE_SU-2018-1261-1.NASL", "SUSE_SU-2018-1262-1.NASL", "SUSE_SU-2018-1264-1.NASL", "SUSE_SU-2018-1266-1.NASL", "SUSE_SU-2018-1267-1.NASL", "SUSE_SU-2018-1268-1.NASL", "SUSE_SU-2018-1269-1.NASL", "SUSE_SU-2018-1272-1.NASL", "SUSE_SU-2018-1273-1.NASL", "SUSE_SU-2018-1362-1.NASL", "SUSE_SU-2018-1363-1.NASL", "SUSE_SU-2018-1366-1.NASL", "SUSE_SU-2018-1367-1.NASL", "SUSE_SU-2018-1368-1.NASL", "SUSE_SU-2018-1373-1.NASL", "SUSE_SU-2018-1374-1.NASL", "SUSE_SU-2018-1375-1.NASL", "SUSE_SU-2018-1376-1.NASL", "SUSE_SU-2018-1377-1.NASL", "SUSE_SU-2018-1378-1.NASL", "SUSE_SU-2018-1386-1.NASL", "SUSE_SU-2018-1389-1.NASL", "SUSE_SU-2018-1425-1.NASL", "SUSE_SU-2018-1447-1.NASL", "SUSE_SU-2018-1452-1.NASL", "SUSE_SU-2018-1456-1.NASL", "SUSE_SU-2018-1458-1.NASL", "SUSE_SU-2018-1475-1.NASL", "SUSE_SU-2018-1479-1.NASL", "SUSE_SU-2018-1658-1.NASL", "SUSE_SU-2018-1699-1.NASL", "SUSE_SU-2018-1738-1.NASL", "SUSE_SU-2018-1764-1.NASL", "SUSE_SU-2018-1935-1.NASL", "SUSE_SU-2018-2331-1.NASL", "SUSE_SU-2018-2332-1.NASL", "SUSE_SU-2018-2335-1.NASL", "SUSE_SU-2018-2344-1.NASL", "SUSE_SU-2018-2366-1.NASL", "SUSE_SU-2018-2374-1.NASL", "SUSE_SU-2018-2696-1.NASL", "SUSE_SU-2018-2825-1.NASL", "SUSE_SU-2018-2842-1.NASL", "SUSE_SU-2018-2883-1.NASL", "SUSE_SU-2018-2973-1.NASL", "SUSE_SU-2018-3064-1.NASL", "SUSE_SU-2019-0541-1.NASL", "SUSE_SU-2019-0645-1.NASL", "SUSE_SU-2019-0672-1.NASL", "SUSE_SU-2019-1018-1.NASL", "SUSE_SU-2019-1211-1.NASL", "SUSE_SU-2019-1211-2.NASL", "SUSE_SU-2019-1219-1.NASL", "SUSE_SU-2019-1287-1.NASL", "SUSE_SU-2019-1289-1.NASL", "SUSE_SU-2019-1398-1.NASL", "SUSE_SU-2019-1398-2.NASL", "SUSE_SU-2019-1716-1.NASL", "SUSE_SU-2019-2028-1.NASL", "SUSE_SU-2019-2513-1.NASL", "UBUNTU_USN-2914-1.NASL", "UBUNTU_USN-3507-1.NASL", "UBUNTU_USN-3507-2.NASL", "UBUNTU_USN-3508-1.NASL", "UBUNTU_USN-3508-2.NASL", "UBUNTU_USN-3509-1.NASL", "UBUNTU_USN-3509-2.NASL", "UBUNTU_USN-3509-3.NASL", "UBUNTU_USN-3509-4.NASL", "UBUNTU_USN-3510-1.NASL", "UBUNTU_USN-3511-1.NASL", "UBUNTU_USN-3512-1.NASL", "UBUNTU_USN-3534-1.NASL", "UBUNTU_USN-3558-1.NASL", "UBUNTU_USN-3583-1.NASL", "UBUNTU_USN-3632-1.NASL", "UBUNTU_USN-3641-1.NASL", "UBUNTU_USN-3643-1.NASL", "UBUNTU_USN-3644-1.NASL", "UBUNTU_USN-3652-1.NASL", "UBUNTU_USN-3653-1.NASL", "UBUNTU_USN-3653-2.NASL", "UBUNTU_USN-3654-1.NASL", "UBUNTU_USN-3654-2.NASL", "UBUNTU_USN-3655-1.NASL", "UBUNTU_USN-3656-1.NASL", "UBUNTU_USN-3679-1.NASL", "UBUNTU_USN-3680-1.NASL", "UBUNTU_USN-3712-1.NASL", "UBUNTU_USN-3740-1.NASL", "UBUNTU_USN-3740-2.NASL", "UBUNTU_USN-3741-1.NASL", "UBUNTU_USN-3741-2.NASL", "UBUNTU_USN-3741-3.NASL", "UBUNTU_USN-3742-1.NASL", "UBUNTU_USN-3999-1.NASL", "VIRTUALBOX_5_2_6.NASL", "VIRTUOZZO_VZA-2017-109.NASL", "VIRTUOZZO_VZA-2017-110.NASL", "VIRTUOZZO_VZA-2017-111.NASL", "VIRTUOZZO_VZA-2017-114.NASL", "VIRTUOZZO_VZA-2018-004.NASL", "VIRTUOZZO_VZA-2018-005.NASL", "VIRTUOZZO_VZA-2018-029.NASL", "VIRTUOZZO_VZA-2018-030.NASL", "VIRTUOZZO_VZA-2018-033.NASL", "VIRTUOZZO_VZA-2018-034.NASL", "VIRTUOZZO_VZA-2018-037.NASL", "WEBSPHERE_CVE-2018-1719.NASL", "XEN_SERVER_XSA-260.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2016-0701"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107268", "OPENVAS:1361412562310107269", "OPENVAS:1361412562310107270", "OPENVAS:1361412562310140168", "OPENVAS:1361412562310704065", "OPENVAS:1361412562310704082", "OPENVAS:1361412562310704187", "OPENVAS:1361412562310704188", "OPENVAS:1361412562310704195", "OPENVAS:1361412562310704196", "OPENVAS:1361412562310704201", "OPENVAS:1361412562310704210", "OPENVAS:1361412562310704306", "OPENVAS:1361412562310704307", "OPENVAS:1361412562310810542", "OPENVAS:1361412562310810678", "OPENVAS:1361412562310812639", "OPENVAS:1361412562310812648", "OPENVAS:1361412562310812649", "OPENVAS:1361412562310813098", "OPENVAS:1361412562310813307", "OPENVAS:1361412562310813336", "OPENVAS:1361412562310813338", "OPENVAS:1361412562310813339", "OPENVAS:1361412562310813340", "OPENVAS:1361412562310813341", "OPENVAS:1361412562310813342", "OPENVAS:1361412562310813346", "OPENVAS:1361412562310813652", "OPENVAS:1361412562310814003", "OPENVAS:1361412562310814011", "OPENVAS:1361412562310814012", "OPENVAS:1361412562310814013", "OPENVAS:1361412562310814014", "OPENVAS:1361412562310814015", "OPENVAS:1361412562310814215", "OPENVAS:1361412562310842262", "OPENVAS:1361412562310843393", "OPENVAS:1361412562310843394", "OPENVAS:1361412562310843395", "OPENVAS:1361412562310843396", "OPENVAS:1361412562310843397", "OPENVAS:1361412562310843398", "OPENVAS:1361412562310843399", "OPENVAS:1361412562310843400", "OPENVAS:1361412562310843401", "OPENVAS:1361412562310843422", "OPENVAS:1361412562310843440", "OPENVAS:1361412562310843461", "OPENVAS:1361412562310843509", "OPENVAS:1361412562310843518", "OPENVAS:1361412562310843522", "OPENVAS:1361412562310843528", "OPENVAS:1361412562310843529", "OPENVAS:1361412562310843530", "OPENVAS:1361412562310843531", "OPENVAS:1361412562310843532", "OPENVAS:1361412562310843533", "OPENVAS:1361412562310843535", "OPENVAS:1361412562310843549", "OPENVAS:1361412562310843552", "OPENVAS:1361412562310843554", "OPENVAS:1361412562310843557", "OPENVAS:1361412562310843558", "OPENVAS:1361412562310851219", "OPENVAS:1361412562310851666", "OPENVAS:1361412562310851667", "OPENVAS:1361412562310851683", "OPENVAS:1361412562310851688", "OPENVAS:1361412562310851698", "OPENVAS:1361412562310851708", "OPENVAS:1361412562310851723", "OPENVAS:1361412562310851731", "OPENVAS:1361412562310851734", "OPENVAS:1361412562310851742", "OPENVAS:1361412562310851756", "OPENVAS:1361412562310851759", "OPENVAS:1361412562310851762", "OPENVAS:1361412562310851811", "OPENVAS:1361412562310851890", "OPENVAS:1361412562310851913", "OPENVAS:1361412562310868112", "OPENVAS:1361412562310871164", "OPENVAS:1361412562310872533", "OPENVAS:1361412562310872584", "OPENVAS:1361412562310873298", "OPENVAS:1361412562310873437", "OPENVAS:1361412562310873627", "OPENVAS:1361412562310873748", "OPENVAS:1361412562310873785", "OPENVAS:1361412562310873829", "OPENVAS:1361412562310873837", "OPENVAS:1361412562310874049", "OPENVAS:1361412562310874133", "OPENVAS:1361412562310874347", "OPENVAS:1361412562310874351", "OPENVAS:1361412562310874352", "OPENVAS:1361412562310874353", "OPENVAS:1361412562310874354", "OPENVAS:1361412562310874355", "OPENVAS:1361412562310874437", "OPENVAS:1361412562310874438", "OPENVAS:1361412562310874448", "OPENVAS:1361412562310874540", "OPENVAS:1361412562310874580", "OPENVAS:1361412562310874600", "OPENVAS:1361412562310874606", "OPENVAS:1361412562310874611", "OPENVAS:1361412562310874616", "OPENVAS:1361412562310874619", "OPENVAS:1361412562310874620", "OPENVAS:1361412562310874623", "OPENVAS:1361412562310874659", "OPENVAS:1361412562310874675", "OPENVAS:1361412562310874695", "OPENVAS:1361412562310874710", "OPENVAS:1361412562310874779", "OPENVAS:1361412562310874786", "OPENVAS:1361412562310875066", "OPENVAS:1361412562310875092", "OPENVAS:1361412562310875099", "OPENVAS:1361412562310876661", "OPENVAS:1361412562310876935", "OPENVAS:1361412562310877798", "OPENVAS:1361412562310877807", "OPENVAS:1361412562310882830", "OPENVAS:1361412562310882831", "OPENVAS:1361412562310882841", "OPENVAS:1361412562310882875", "OPENVAS:1361412562310882880", "OPENVAS:1361412562310882881", "OPENVAS:1361412562310882882", "OPENVAS:1361412562310882883", "OPENVAS:1361412562310882884", "OPENVAS:1361412562310882885", "OPENVAS:1361412562310882886", "OPENVAS:1361412562310882887", "OPENVAS:1361412562310882888", "OPENVAS:1361412562310882890", "OPENVAS:1361412562310891058", "OPENVAS:1361412562310891369", "OPENVAS:1361412562310891375", "OPENVAS:1361412562310891383", "OPENVAS:1361412562310891392", "OPENVAS:1361412562310891506", "OPENVAS:1361412562310891519", "OPENVAS:1361412562310891520", "OPENVAS:1361412562310910002", "OPENVAS:1361412562311220181179", "OPENVAS:1361412562311220192030", "OPENVAS:1361412562311220201394", "OPENVAS:702940"]}, {"type": "openwrt", "idList": ["OPENWRT-SA-000007"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2018", "ORACLE:CPUOCT2019-5072832"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-3556", "ELSA-2018-0095", "ELSA-2018-0260", "ELSA-2018-0349", "ELSA-2018-0666", "ELSA-2018-0998", "ELSA-2018-1318", "ELSA-2018-1319", "ELSA-2018-1629", "ELSA-2018-1632", "ELSA-2018-1633", "ELSA-2018-1647", "ELSA-2018-1648", "ELSA-2018-1649", "ELSA-2018-1650", "ELSA-2018-1651", "ELSA-2018-1660", "ELSA-2018-1669", "ELSA-2018-2846", "ELSA-2018-2942", "ELSA-2018-2943", "ELSA-2018-4017", "ELSA-2018-4021", "ELSA-2018-4071", "ELSA-2018-4077", "ELSA-2018-4078", "ELSA-2018-4096", "ELSA-2018-4097", "ELSA-2018-4098", "ELSA-2018-4108", "ELSA-2018-4114", "ELSA-2018-4131", "ELSA-2018-4198", "ELSA-2018-4219", "ELSA-2019-2091"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147517", "PACKETSTORM:148549"]}, {"type": "paloalto", "idList": ["PAN-SA-2018-0012"]}, {"type": "photon", "idList": ["PHSA-2017-0001", "PHSA-2017-0008", "PHSA-2017-1.0-0093", "PHSA-2017-1.0-0095", "PHSA-2018-0010", "PHSA-2018-0010-A", "PHSA-2018-1.0-0097-A", "PHSA-2018-1.0-0101", "PHSA-2018-1.0-0122", "PHSA-2018-1.0-0130", "PHSA-2018-1.0-0132-A", "PHSA-2018-1.0-0151", "PHSA-2018-1.0-0177", "PHSA-2018-1.0-0178", "PHSA-2018-1.0-0192", "PHSA-2018-1.0-0193", "PHSA-2018-2.0-0013", "PHSA-2018-2.0-0037-A", "PHSA-2018-2.0-0049", "PHSA-2018-2.0-0076", "PHSA-2018-2.0-0077", "PHSA-2018-2.0-0086", "PHSA-2018-2.0-0087", "PHSA-2018-2.0-0106", "PHSA-2018-2.0-0107", "PHSA-2018-2.0-0109", "PHSA-2019-1.0-0212", "PHSA-2019-1.0-0239", "PHSA-2019-2.0-0164", "PHSA-2019-3.0-0020", "PHSA-2020-0290", "PHSA-2020-1.0-0290", "PHSA-2020-3.0-0084"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:12D0AED8A6507BA497CB8CC165A00D0A", "QUALYSBLOG:60F322EED1370D8159A8C18F6128C93D"]}, {"type": "redhat", "idList": ["RHSA-2017:3071", "RHSA-2018:1170", "RHSA-2018:1345", "RHSA-2018:1348", "RHSA-2018:1352", "RHSA-2018:1353", "RHSA-2018:1354", "RHSA-2018:1737", "RHSA-2018:2228", "RHSA-2018:2256", "RHSA-2018:2575", "RHSA-2018:2712", "RHSA-2018:2846", "RHSA-2018:3397"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-18017", "RH:CVE-2018-0494", "RH:CVE-2018-1061", "RH:CVE-2018-1068", "RH:CVE-2018-10872", "RH:CVE-2018-1113", "RH:CVE-2018-12539", "RH:CVE-2018-1517", "RH:CVE-2018-2964", "RH:CVE-2018-3639", "RH:CVE-2018-5710", "RH:CVE-2018-5729", "RH:CVE-2018-5730"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30528", "SECURITYVULNS:VULN:13701"]}, {"type": "seebug", "idList": ["SSV:97082"]}, {"type": "slackware", "idList": ["SSA-2017-112-02", "SSA-2017-306-02", "SSA-2017-342-01", "SSA-2018-129-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:0627-1", "OPENSUSE-SU-2017:3358-1", "OPENSUSE-SU-2017:3359-1", "OPENSUSE-SU-2018:0089-1", "OPENSUSE-SU-2018:0223-1", "OPENSUSE-SU-2018:0494-1", "OPENSUSE-SU-2018:1057-1", "OPENSUSE-SU-2018:1274-1", "OPENSUSE-SU-2018:1380-1", "OPENSUSE-SU-2018:1383-1", "OPENSUSE-SU-2018:1418-1", "OPENSUSE-SU-2018:1420-1", "OPENSUSE-SU-2018:1487-1", "OPENSUSE-SU-2018:1628-1", "OPENSUSE-SU-2018:1773-1", "OPENSUSE-SU-2018:2399-1", "OPENSUSE-SU-2018:2402-1", "OPENSUSE-SU-2018:2404-1", "OPENSUSE-SU-2018:2407-1", "OPENSUSE-SU-2018:2712-1", "OPENSUSE-SU-2018:2854-1", "OPENSUSE-SU-2018:2958-1", "OPENSUSE-SU-2018:3057-1", "OPENSUSE-SU-2018:3103-1", "SUSE-SU-2017:3225-1", "SUSE-SU-2017:3226-1", "SUSE-SU-2017:3284-1", "SUSE-SU-2017:3285-1", "SUSE-SU-2017:3286-1", "SUSE-SU-2017:3287-1", "SUSE-SU-2017:3288-1", "SUSE-SU-2017:3289-1", "SUSE-SU-2017:3290-1", "SUSE-SU-2017:3291-1", "SUSE-SU-2017:3292-1", "SUSE-SU-2017:3293-1", "SUSE-SU-2017:3295-1", "SUSE-SU-2017:3296-1", "SUSE-SU-2017:3297-1", "SUSE-SU-2017:3299-1", "SUSE-SU-2017:3300-1", "SUSE-SU-2017:3301-1", "SUSE-SU-2017:3302-1", "SUSE-SU-2017:3303-1", "SUSE-SU-2017:3304-1", "SUSE-SU-2017:3305-1", "SUSE-SU-2017:3306-1", "SUSE-SU-2017:3307-1", "SUSE-SU-2017:3308-1", "SUSE-SU-2017:3309-1", "SUSE-SU-2017:3310-1", "SUSE-SU-2017:3312-1", "SUSE-SU-2017:3313-1", "SUSE-SU-2017:3314-1", "SUSE-SU-2017:3316-1", "SUSE-SU-2017:3317-1", "SUSE-SU-2017:3318-1", "SUSE-SU-2017:3319-1", "SUSE-SU-2017:3320-1", "SUSE-SU-2017:3321-1", "SUSE-SU-2017:3322-1", "SUSE-SU-2017:3323-1", "SUSE-SU-2017:3324-1", "SUSE-SU-2017:3332-1", "SUSE-SU-2017:3336-1", "SUSE-SU-2017:3337-1", "SUSE-SU-2017:3338-1", "SUSE-SU-2017:3340-1", "SUSE-SU-2018:0040-1", "SUSE-SU-2018:0074-1", "SUSE-SU-2018:0180-1", "SUSE-SU-2018:0213-1", "SUSE-SU-2018:0237-1", "SUSE-SU-2018:0238-1", "SUSE-SU-2018:0239-1", "SUSE-SU-2018:0240-1", "SUSE-SU-2018:0241-1", "SUSE-SU-2018:0242-1", "SUSE-SU-2018:0244-1", "SUSE-SU-2018:0245-1", "SUSE-SU-2018:0249-1", "SUSE-SU-2018:0250-1", "SUSE-SU-2018:0251-1", "SUSE-SU-2018:0252-1", "SUSE-SU-2018:0253-1", "SUSE-SU-2018:0265-1", "SUSE-SU-2018:0266-1", "SUSE-SU-2018:0268-1", "SUSE-SU-2018:0269-1", "SUSE-SU-2018:0270-1", "SUSE-SU-2018:0271-1", "SUSE-SU-2018:0272-1", "SUSE-SU-2018:0273-1", "SUSE-SU-2018:0274-1", "SUSE-SU-2018:0275-1", "SUSE-SU-2018:0276-1", "SUSE-SU-2018:0277-1", "SUSE-SU-2018:0278-1", "SUSE-SU-2018:0280-1", "SUSE-SU-2018:0281-1", "SUSE-SU-2018:0282-1", "SUSE-SU-2018:0296-1", "SUSE-SU-2018:0297-1", "SUSE-SU-2018:0340-1", "SUSE-SU-2018:0345-1", "SUSE-SU-2018:0346-1", "SUSE-SU-2018:0347-1", "SUSE-SU-2018:0451-1", "SUSE-SU-2018:0555-1", "SUSE-SU-2018:0565-1", "SUSE-SU-2018:0841-1", "SUSE-SU-2018:0988-1", "SUSE-SU-2018:0989-1", "SUSE-SU-2018:0990-1", "SUSE-SU-2018:0992-1", "SUSE-SU-2018:0993-1", "SUSE-SU-2018:0994-1", "SUSE-SU-2018:0995-1", "SUSE-SU-2018:0996-1", "SUSE-SU-2018:0997-1", "SUSE-SU-2018:0998-1", "SUSE-SU-2018:0999-1", "SUSE-SU-2018:1000-1", "SUSE-SU-2018:1001-1", "SUSE-SU-2018:1002-1", "SUSE-SU-2018:1003-1", "SUSE-SU-2018:1004-1", "SUSE-SU-2018:1005-1", "SUSE-SU-2018:1006-1", "SUSE-SU-2018:1007-1", "SUSE-SU-2018:1008-1", "SUSE-SU-2018:1009-1", "SUSE-SU-2018:1010-1", "SUSE-SU-2018:1011-1", "SUSE-SU-2018:1012-1", "SUSE-SU-2018:1013-1", "SUSE-SU-2018:1014-1", "SUSE-SU-2018:1015-1", "SUSE-SU-2018:1016-1", "SUSE-SU-2018:1018-1", "SUSE-SU-2018:1019-1", "SUSE-SU-2018:1020-1", "SUSE-SU-2018:1021-1", "SUSE-SU-2018:1022-1", "SUSE-SU-2018:1023-1", "SUSE-SU-2018:1024-1", "SUSE-SU-2018:1025-1", "SUSE-SU-2018:1026-1", "SUSE-SU-2018:1027-1", "SUSE-SU-2018:1028-1", "SUSE-SU-2018:1029-1", "SUSE-SU-2018:1030-1", "SUSE-SU-2018:1031-1", "SUSE-SU-2018:1032-1", "SUSE-SU-2018:1033-1", "SUSE-SU-2018:1034-1", "SUSE-SU-2018:1171-1", "SUSE-SU-2018:1173-1", "SUSE-SU-2018:1177-1", "SUSE-SU-2018:1181-1", "SUSE-SU-2018:1184-1", "SUSE-SU-2018:1202-1", "SUSE-SU-2018:1203-1", "SUSE-SU-2018:1216-1", "SUSE-SU-2018:1220-1", "SUSE-SU-2018:1221-1", "SUSE-SU-2018:1222-1", "SUSE-SU-2018:1223-1", "SUSE-SU-2018:1224-1", "SUSE-SU-2018:1225-1", "SUSE-SU-2018:1226-1", "SUSE-SU-2018:1227-1", "SUSE-SU-2018:1228-1", "SUSE-SU-2018:1229-1", "SUSE-SU-2018:1230-1", "SUSE-SU-2018:1231-1", "SUSE-SU-2018:1232-1", "SUSE-SU-2018:1233-1", "SUSE-SU-2018:1234-1", "SUSE-SU-2018:1235-1", "SUSE-SU-2018:1236-1", "SUSE-SU-2018:1237-1", "SUSE-SU-2018:1238-1", "SUSE-SU-2018:1239-1", "SUSE-SU-2018:1240-1", "SUSE-SU-2018:1241-1", "SUSE-SU-2018:1242-1", "SUSE-SU-2018:1243-1", "SUSE-SU-2018:1244-1", "SUSE-SU-2018:1245-1", "SUSE-SU-2018:1246-1", "SUSE-SU-2018:1247-1", "SUSE-SU-2018:1248-1", "SUSE-SU-2018:1249-1", "SUSE-SU-2018:1250-1", "SUSE-SU-2018:1251-1", "SUSE-SU-2018:1252-1", "SUSE-SU-2018:1253-1", "SUSE-SU-2018:1254-1", "SUSE-SU-2018:1255-1", "SUSE-SU-2018:1256-1", "SUSE-SU-2018:1257-1", "SUSE-SU-2018:1258-1", "SUSE-SU-2018:1259-1", "SUSE-SU-2018:1260-1", "SUSE-SU-2018:1261-1", "SUSE-SU-2018:1262-1", "SUSE-SU-2018:1263-1", "SUSE-SU-2018:1264-1", "SUSE-SU-2018:1266-1", "SUSE-SU-2018:1267-1", "SUSE-SU-2018:1268-1", "SUSE-SU-2018:1269-1", "SUSE-SU-2018:1270-1", "SUSE-SU-2018:1272-1", "SUSE-SU-2018:1273-1"]}, {"type": "symantec", "idList": ["SMNTC-1395", "SMNTC-1423", "SMNTC-1428", "SMNTC-1467"]}, {"type": "talosblog", "idList": ["TALOSBLOG:C19AB95C902B2507E8156BE7B09BE73B"]}, {"type": "tenable", "idList": ["TENABLE:FF52F52E6157E81F57A22D9356B954AC"]}, {"type": "thn", "idList": ["THN:C4C9BC61AD42FB9F46B30ECA56F71393"]}, {"type": "threatpost", "idList": ["THREATPOST:1C410BC5122B196A58BBDDCDA7A79983", "THREATPOST:8F3BA63C697CD0B0AD4CDF30B9CF0987", "THREATPOST:E454192F36C2E44BAE14AB9B62BE28DB", "THREATPOST:F646E92307240E4B7D00CC0FC73BCE0D"]}, {"type": "tomcat", "idList": ["TOMCAT:A98AD8015F0769C8A7E26579E64B5C0C"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:0CB92F2EE8EC7EB60BEEAFE3A0B1926F"]}, {"type": "ubuntu", "idList": ["USN-3349-1", "USN-3507-2", "USN-3509-1", "USN-3509-3", "USN-3511-1", "USN-3534-1", "USN-3619-2", "USN-3632-1", "USN-3641-1", "USN-3641-2", "USN-3643-1", "USN-3643-2", "USN-3644-1", "USN-3651-1", "USN-3652-1", "USN-3653-1", "USN-3653-2", "USN-3654-1", "USN-3654-2", "USN-3655-1", "USN-3655-2", "USN-3656-1", "USN-3677-1", "USN-3677-2", "USN-3679-1", "USN-3680-1", "USN-3740-1", "USN-3740-2", "USN-3741-1", "USN-3741-2", "USN-3741-3", "USN-3742-1", "USN-3742-2", "USN-3742-3", "USN-3777-1", "USN-3777-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-7562", "UB:CVE-2018-0494", "UB:CVE-2018-1000199", "UB:CVE-2018-1060", "UB:CVE-2018-1061", "UB:CVE-2018-1068", "UB:CVE-2018-10844", "UB:CVE-2018-10845", "UB:CVE-2018-10846", "UB:CVE-2018-1087", "UB:CVE-2018-1091", "UB:CVE-2018-13785", "UB:CVE-2018-1517", "UB:CVE-2018-15688", "UB:CVE-2018-1656", "UB:CVE-2018-2783", "UB:CVE-2018-2973", "UB:CVE-2018-3136", "UB:CVE-2018-3139", "UB:CVE-2018-3149", "UB:CVE-2018-3169", "UB:CVE-2018-3180", "UB:CVE-2018-3183", "UB:CVE-2018-3214", "UB:CVE-2018-3639", "UB:CVE-2018-5391", "UB:CVE-2018-5729", "UB:CVE-2018-5730", "UB:CVE-2018-8897"]}, {"type": "virtuozzo", "idList": ["VZA-2017-113", "VZA-2017-114", "VZA-2018-005", "VZA-2018-014", "VZA-2018-015", "VZA-2018-016", "VZA-2018-017", "VZA-2018-028", "VZA-2018-029", "VZA-2018-030", "VZA-2018-032", "VZA-2018-033", "VZA-2018-034", "VZA-2018-037", "VZA-2018-047", "VZA-2018-048", "VZA-2018-074", "VZA-2018-075"]}, {"type": "vmware", "idList": ["VMSA-2014-0008"]}, {"type": "xen", "idList": ["XSA-260", "XSA-263"]}, {"type": "zdt", "idList": ["1337DAY-ID-24818", "1337DAY-ID-30427", "1337DAY-ID-30428", "1337DAY-ID-30720"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "ibm security privileged identity manager", "version": 2}]}, "epss": [{"cve": "CVE-2014-0114", "epss": "0.973390000", "percentile": "0.997750000", "modified": "2023-03-17"}, {"cve": "CVE-2014-7810", "epss": "0.002890000", "percentile": "0.640810000", "modified": "2023-03-17"}, {"cve": "CVE-2015-0899", "epss": "0.949070000", "percentile": "0.987940000", "modified": "2023-03-17"}, {"cve": "CVE-2015-5180", "epss": "0.016210000", "percentile": "0.855070000", "modified": "2023-03-17"}, {"cve": "CVE-2016-0701", "epss": "0.118840000", "percentile": "0.944020000", "modified": "2023-03-18"}, {"cve": "CVE-2016-0705", "epss": "0.033080000", "percentile": "0.898050000", "modified": "2023-03-17"}, {"cve": "CVE-2016-1181", "epss": "0.022080000", "percentile": "0.876950000", "modified": "2023-03-17"}, {"cve": "CVE-2016-1182", "epss": "0.334130000", "percentile": "0.963580000", "modified": "2023-03-17"}, {"cve": "CVE-2016-5725", "epss": "0.010310000", "percentile": "0.815770000", "modified": "2023-03-17"}, {"cve": "CVE-2016-9396", "epss": "0.028410000", "percentile": "0.891140000", "modified": "2023-03-17"}, {"cve": "CVE-2017-1000050", "epss": "0.009430000", "percentile": "0.807440000", "modified": "2023-03-17"}, {"cve": "CVE-2017-1000407", "epss": "0.003540000", "percentile": "0.675730000", "modified": "2023-03-18"}, {"cve": "CVE-2017-11368", "epss": "0.003440000", "percentile": "0.670680000", "modified": "2023-03-17"}, {"cve": "CVE-2017-12132", "epss": "0.003200000", "percentile": "0.658990000", "modified": "2023-03-17"}, {"cve": "CVE-2017-15116", "epss": "0.000620000", "percentile": "0.245550000", "modified": "2023-03-17"}, {"cve": "CVE-2017-15670", "epss": "0.002590000", "percentile": "0.619540000", "modified": "2023-03-17"}, {"cve": "CVE-2017-16939", "epss": "0.000430000", "percentile": "0.074300000", "modified": "2023-03-17"}, {"cve": "CVE-2017-18017", "epss": "0.965120000", "percentile": "0.992850000", "modified": "2023-03-18"}, {"cve": "CVE-2017-3732", "epss": "0.008180000", "percentile": "0.792380000", "modified": "2023-03-18"}, {"cve": "CVE-2017-3736", "epss": "0.002810000", "percentile": "0.635250000", "modified": "2023-03-18"}, {"cve": "CVE-2017-3737", "epss": "0.966690000", "percentile": "0.993610000", "modified": "2023-03-18"}, {"cve": "CVE-2017-3738", "epss": "0.007640000", "percentile": "0.783850000", "modified": "2023-03-18"}, {"cve": "CVE-2017-6462", "epss": "0.000420000", "percentile": "0.056410000", "modified": "2023-03-17"}, {"cve": "CVE-2017-6463", "epss": "0.009080000", "percentile": "0.803560000", "modified": "2023-03-17"}, {"cve": "CVE-2017-6464", "epss": "0.075820000", "percentile": "0.930820000", "modified": "2023-03-17"}, {"cve": "CVE-2017-7562", "epss": "0.002450000", "percentile": "0.607230000", "modified": "2023-03-18"}, {"cve": "CVE-2018-0494", "epss": "0.181180000", "percentile": "0.953270000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1000199", "epss": "0.000440000", "percentile": "0.081830000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1049", "epss": "0.031760000", "percentile": "0.896320000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1060", "epss": "0.003330000", "percentile": "0.665890000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1061", "epss": "0.005010000", "percentile": "0.726790000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1068", "epss": "0.000650000", "percentile": "0.265550000", "modified": "2023-03-18"}, {"cve": "CVE-2018-10844", "epss": "0.013940000", "percentile": "0.843400000", "modified": "2023-03-18"}, {"cve": "CVE-2018-10845", "epss": "0.014470000", "percentile": "0.846040000", "modified": "2023-03-18"}, {"cve": "CVE-2018-10846", "epss": "0.000470000", "percentile": "0.142140000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1087", "epss": "0.000460000", "percentile": "0.139690000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1091", "epss": "0.000450000", "percentile": "0.120200000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1113", "epss": "0.000470000", "percentile": "0.141860000", "modified": "2023-03-18"}, {"cve": "CVE-2018-12539", "epss": "0.000450000", "percentile": "0.126050000", "modified": "2023-03-18"}, {"cve": "CVE-2018-13785", "epss": "0.021290000", "percentile": "0.874690000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1426", "epss": "0.004700000", "percentile": "0.717660000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1427", "epss": "0.000420000", "percentile": "0.056370000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1428", "epss": "0.000550000", "percentile": "0.208940000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1517", "epss": "0.063870000", "percentile": "0.925290000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1567", "epss": "0.004910000", "percentile": "0.724380000", "modified": "2023-03-18"}, {"cve": "CVE-2018-15688", "epss": "0.002470000", "percentile": "0.608610000", "modified": "2023-03-17"}, {"cve": "CVE-2018-1618", "epss": "0.001730000", "percentile": "0.527490000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1622", "epss": "0.000680000", "percentile": "0.277930000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1623", "epss": "0.000440000", "percentile": "0.102140000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1625", "epss": "0.000500000", "percentile": "0.173020000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1626", "epss": "0.000500000", "percentile": "0.173020000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1640", "epss": "0.001640000", "percentile": "0.512850000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1656", "epss": "0.002430000", "percentile": "0.604860000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1680", "epss": "0.001070000", "percentile": "0.419690000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1719", "epss": "0.001170000", "percentile": "0.440190000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1767", "epss": "0.001010000", "percentile": "0.399770000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1794", "epss": "0.001010000", "percentile": "0.399770000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1901", "epss": "0.002050000", "percentile": "0.567610000", "modified": "2023-03-18"}, {"cve": "CVE-2018-1904", "epss": "0.004910000", "percentile": "0.724380000", "modified": "2023-03-18"}, {"cve": "CVE-2018-2641", "epss": "0.002460000", "percentile": "0.607950000", "modified": "2023-03-18"}, {"cve": "CVE-2018-2677", "epss": "0.003330000", "percentile": "0.666050000", "modified": "2023-03-18"}, {"cve": "CVE-2018-2783", "epss": "0.001960000", "percentile": "0.557670000", "modified": "2023-03-18"}, {"cve": "CVE-2018-2964", "epss": "0.006540000", "percentile": "0.763280000", "modified": "2023-03-17"}, {"cve": "CVE-2018-2973", "epss": "0.004410000", "percentile": "0.708530000", "modified": "2023-03-18"}, {"cve": "CVE-2018-3136", "epss": "0.001860000", "percentile": "0.541650000", "modified": "2023-03-18"}, {"cve": "CVE-2018-3139", "epss": "0.001980000", "percentile": "0.559110000", "modified": "2023-03-18"}, {"cve": "CVE-2018-3149", "epss": "0.002740000", "percentile": "0.630460000", "modified": "2023-03-18"}, {"cve": "CVE-2018-3169", "epss": "0.002960000", "percentile": "0.645380000", "modified": "2023-03-18"}, {"cve": "CVE-2018-3180", "epss": "0.001440000", "percentile": "0.485650000", "modified": "2023-03-18"}, {"cve": "CVE-2018-3183", "epss": "0.001650000", "percentile": "0.515100000", "modified": "2023-03-18"}, {"cve": "CVE-2018-3214", "epss": "0.002610000", "percentile": "0.620830000", "modified": "2023-03-18"}, {"cve": "CVE-2018-3639", "epss": "0.001380000", "percentile": "0.476910000", "modified": "2023-03-18"}, {"cve": "CVE-2018-5391", "epss": "0.009790000", "percentile": "0.811320000", "modified": "2023-03-18"}, {"cve": "CVE-2018-5729", "epss": "0.005810000", "percentile": "0.747420000", "modified": "2023-03-18"}, {"cve": "CVE-2018-5730", "epss": "0.002430000", "percentile": "0.605150000", "modified": "2023-03-18"}, {"cve": "CVE-2018-8897", "epss": "0.000610000", "percentile": "0.239890000", "modified": "2023-03-18"}], "vulnersScore": 1.0}, "_state": {"dependencies": 1677188632, "score": 1684013037, "affected_software_major_version": 1677355290, "epss": 1679165106}, "_internal": {"score_hash": "c711dfba3466c1a73f0615d17ff28fbd"}, "affectedSoftware": [{"version": "2.1.1", "operator": "eq", "name": "ibm security privileged identity manager"}]}

{"ibm": [{"lastseen": "2023-02-23T21:45:37", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition used by IBM Security Privileged Identity Manager (ISPIM). These issues were disclosed as part of the IBM Java SDK updates in July 2018, April 2018, January 2018, October 2017. \n\n\n## Vulnerability Details\n\n_**July 2018**_\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-2964](<https://vulners.com/cve/CVE-2018-2964>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146827> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n_**April 2018**_\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n_**January 2018**_\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2641](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137893> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n_**October 2017**_\n\n**CVEID:** [CVE-2017-10388](<https://vulners.com/cve/CVE-2017-10388>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133813> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nProduct | VRMF \n---|--- \nIBM Security Privileged Identity Manager | 2.1.0 - 2.1.0.7 \nIBM Security Privileged Identity Manager | 2.0.2 - 2.0.2.10 \n \n## Remediation/Fixes\n\n**Product** | **VRMF** | **Remediation** \n---|---|--- \nIBM Security Privileged Identity Manager | 2.1.0 - 2.1.0.7 | [_2.1.0-ISS-ISPIM-VA-FP0008 _](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?fixids=2.1.0-ISS-ISPIM-VA-FP0008&mhq=2.1.0-ISS-ISPIM-VA-FP0008&mhsrc=ibmsearch_a&product=ibm%2FTivoli%2FIBM%20Security%20Privileged%20Identity%20Manager&source=dbluesearch&function=fixId&parent=IBM%20Security>) \nIBM Security Privileged Identity Manager | 2.0.2 - 2.0.2.10 | [_2.0.2-ISS-ISPIM-VA-FP0011_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.0.2&platform=Linux&function=fixId&fixids=2.0.2-ISS-ISPIM-VA-FP0011&includeRequisites=1&includeSup&login=true>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-02T02:50:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Privileged Identity Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-10388", "CVE-2017-3732", "CVE-2018-12539", "CVE-2018-1517", "CVE-2018-1656", "CVE-2018-2641", "CVE-2018-2677", "CVE-2018-2783", "CVE-2018-2964", "CVE-2018-2973"], "modified": "2019-07-02T02:50:01", "id": "399718E68B1AC921F1F63310793CB30CE98BCB15C409BBB99985FB5BE97A027F", "href": "https://www.ibm.com/support/pages/node/871356", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-22T01:46:48", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 versions 8 used by IBM Spectrum Conductor with Spark 2.2.0, 2.2.1 and IBM Spectrum Conductor 2.3.0. IBM Spectrum Conductor has addressed the applicable CVEs.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n**CVEID: ** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n**CVEID: ** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N) \n \n**CVEID: ** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION: ** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n**CVEID: ** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: ** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: ** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: ** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: ** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Spectrum Conductor with Spark: 2.2.0 - 2.2.1 \nIBM Spectrum Conductor: 2.3.0\n\n## Remediation/Fixes\n\n## **Packages**\n\n**Product** | **VRMF** | **APAR** | **Remediation/First Fix** \n---|---|---|--- \nIBM Spectrum Conductor with Spark | 2.2.0 | _P102842_ | \n\n[_egojre-8.0.5.25.x86_64.rpm_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=cws-2.2-build509248&includeSupersedes=0>) \n \nIBM Spectrum Conductor with Spark | 2.2.1 | _P102842_ | \n\n[_egojre-8.0.5.25.x86_64.rpm_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=cws-2.2.1-build509249&includeSupersedes=0>) \n \nIBM Spectrum Conductor | 2.3.0 | _P102842_ | \n\n[_egojre-8.0.5.25.x86_64.rpm_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=sc-2.3-build509250&includeSupersedes=0>) \n \n## **Before installation**\n\n 1. Log in to the cluster management console as the cluster administrator and stop all Spark instance groups.\n 2. Log on to the master host as the cluster administrator: \n&gt; egosh user logon -u Admin -x Admin\n 3. Stop all services and shut down the cluster: \n&gt; egosh service stop all \n&gt; egosh ego shutdown all\n\n## **Installation and verification**\n\n#### _**IBM Spectrum Conductor with Spark 2.2.0**_\n\n 1. Log on to each host in your cluster (root or sudo to root permission).\n 2. Define the **CLUSTERADMIN** environment variable and set it to any valid operating user account, which then owns all installation files, for example: \n&gt; export CLUSTERADMIN=egoadmin\n 3. Upgrade the JRE by using the RPM for the interim fix. \nNOTE: RPM version 4.2.1 or later must be installed on the host. \n\nFor example, on Linux x86_64 hosts, enter: \n&gt; mkdir -p /tmp/cws22build509248 \n&gt; tar zxof cws-2.2.0.0_x86_64_build509248.tgz -C /tmp/cws22build509248 \n&gt; rpm -ivh --replacefiles --prefix $EGO_TOP --dbpath _dbpath_location__ _/tmp/cws22build509248/egojre-8.0.5.25.x86_64.rpm \nwhere _$EGO_TOP _specifies the path to where the cluster is installed and_ dbpath_location_ specifies the path to your database.\n\n 4. The _cshrc.jre _and _profile.jre_ files are updated to the current JRE version. If you made copies of these files, ensure that you update the copied files with the new JRE version.\n\n 5. Source the cluster profile again and start the cluster: \n&gt; egosh ego start all\n 6. Log in to the cluster management console as the cluster administrator and start the required Spark instance groups.\n 7. Run the **rpm \u2013qa** command to verify the installation: \n&gt; rpm -qa --dbpath _dbpath_location_ |grep egojre\n\negojre-8.0.5.25-509248.x86_64\n\n#### _**IBM Spectrum Conductor with Spark 2.2.1**_\n\n 1. Log on to each host in your cluster (root or sudo to root permission).\n 2. Define the **CLUSTERADMIN** environment variable and set it to any valid operating user account, which then owns all installation files, for example: \n&gt; export CLUSTERADMIN=egoadmin\n 3. Upgrade the JRE by using the RPM for the interim fix. \nNOTE: RPM version 4.2.1 or later must be installed on the host. \n\nFor example, on Linux x86_64 hosts, enter: \n&gt; mkdir -p /tmp/cws221build509249 \n&gt; tar zxof cws-2.2.1.0_x86_64_build509249.tgz -C /tmp/cws221build509249 \n&gt; rpm -ivh --replacefiles --prefix $EGO_TOP --dbpath _dbpath_location__ _/tmp/cws221build509249/egojre-8.0.5.25.x86_64.rpm \nwhere _$EGO_TOP _specifies the path to where the cluster is installed and_ dbpath_location_ specifies the path to your database. \nThe _cshrc.jre _and _profile.jre_ files are updated to the current JRE version. If you made copies of these files, ensure that you update the copied files with the new JRE version.\n\n 4. Source the cluster profile again and start the cluster: \n&gt; egosh ego start all\n 5. Log in to the cluster management console as the cluster administrator and start the required Spark instance groups.\n 6. Run the **rpm \u2013qa** command to verify the installation: \n&gt; rpm -qa --dbpath _dbpath_location_ |grep egojre\n\negojre-8.0.5.25-509249.x86_64\n\n#### _**IBM Spectrum Conductor 2.3.0**_\n\n 1. Log on to each host in your cluster (root or sudo to root permission).\n 2. Define the **CLUSTERADMIN** environment variable and set it to any valid operating user account, which then owns all installation files, for example: \n&gt; export CLUSTERADMIN=egoadmin\n 3. Upgrade the JRE by using the RPM for the interim fix. \nNOTE: RPM version 4.2.1 or later must be installed on the host. Ensure that you replace _dbpath_location_ in the following commands with the path to your database. \nFor example, on Linux x86_64 hosts, enter: \n&gt; mkdir -p /tmp/sc230build509250 \n&gt; tar zxof conductor-2.3.0.0_x86_64_build509250.tgz -C /tmp/sc230build509250 \n&gt; rpm -ivh --replacefiles --prefix $EGO_TOP --dbpath _dbpath_location__ _/tmp/sc230build509250/egojre-8.0.5.25.x86_64.rpm \nwhere _$EGO_TOP _specifies the path to where the cluster is installed and_ dbpath_location_ specifies the path to your database. \nThe _cshrc.jre _and _profile.jre_ files are updated to the current JRE version. If you made copies of these files, ensure that you update the copied files with the new JRE version.\n 4. Source the cluster profile again and start the cluster: \n&gt; egosh ego start all\n 5. Log in to the cluster management console as the cluster administrator and start the required Spark instance groups.\n 6. Run the **rpm \u2013qa** command to verify the installation: \n&gt; rpm -qa --dbpath _dbpath_location_ |grep egojre\n\negojre-8.0.5.25-509250.x86_64\n\n## **Uninstallation (if required)**\n\n_**IBM Spectrum Conductor with Spark 2.2.0**_\n\n 1. Log in to the cluster management console as the cluster administrator and stop all Spark instance groups.\n 2. Log on to the master host as the cluster administrator: \n&gt; egosh user logon -u Admin -x Admin\n 3. Stop services and shut down the cluster: \n&gt; egosh service stop all \n&gt; egosh ego shutdown all\n 4. Log on to each host in your cluster (root or sudo to root permission).\n 5. Define the **CLUSTERADMIN** environment variable and set it to any valid operating user account, which then owns all installation files, for example: \n&gt; export CLUSTERADMIN=egoadmin\n 6. Uninstall the existing JRE and then install the old JRE. \nNOTE: RPM version 4.2.1 or later must be installed on the host. \nFor example, on Linux x86_64 hosts, enter: \n\n&gt; rpm -e egojre-8.0.5.25-509248.x86_64 --dbpath _dbpath_location_ \\--nodeps \n&gt; rpm -qa --dbpath _dbpath_location_ |grep egojre \nwhere _dbpath_location_ specifies the path to your database. \nFor each previous egojre rpm, run: \n&gt; rpm -e [egojre_name] --dbpath _dbpath_location_ \\--nodeps \nThen, install the old JRE: \n&gt; mkdir -p /tmp/extract22 \n&gt; cws-2.2.0.0_x86_64.bin --extract /tmp/extract22 \n&gt; rpm -ivh --prefix $EGO_TOP --dbpath _dbpath_location__ _/tmp/extract22/egojre-*.rpm \nwhere _$EGO_TOP _specifies the path to where the cluster is installed and_ dbpath_location_ specifies the path to your database.\n\n 7. Source the cluster profile and start the cluster: \n&gt; egosh ego start all\n 8. Log in to the cluster management console as the cluster administrator and start the required Spark instance groups.\n\n_**IBM Spectrum Conductor with Spark 2.2.1**_\n\n 1. Log in to the cluster management console as the cluster administrator and stop all Spark instance groups.\n 2. Log on to the master host as the cluster administrator: \n&gt; egosh user logon -u Admin -x Admin\n 3. Stop services and shut down the cluster: \n&gt; egosh service stop all \n&gt; egosh ego shutdown all\n 4. Log on to each host in your cluster (root or sudo to root permission).\n 5. Define the **CLUSTERADMIN** environment variable and set it to any valid operating user account, which then owns all installation files, for example: \n&gt; export CLUSTERADMIN=egoadmin\n 6. Uninstall the existing JRE and then install the old JRE. \nFor example, on Linux x86_64 hosts, enter: \n\n&gt; rpm -e egojre-8.0.5.25-509249.x86_64 --dbpath _dbpath_location_ \\--nodeps \n&gt; rpm -qa --dbpath _dbpath_location_ |grep egojre \nwhere _dbpath_location_ specifies the path to your database. \nFor each previous egojre rpm, run: \n&gt; rpm -e [egojre_name] --dbpath _dbpath_location_ \\--nodeps \nThen, install the old JRE: \n&gt; mkdir -p /tmp/extract221 \n&gt; cws-2.2.1.0_x86_64.bin --extract /tmp/extract221 \n&gt; rpm -ivh --prefix $EGO_TOP --dbpath _dbpath_location__ _/tmp/extract221/egojre-*.rpm \nwhere _$EGO_TOP _specifies the path to where the cluster is installed and_ dbpath_location_ specifies the path to your database.\n\n 7. Source the cluster profile and start the cluster: \n&gt; egosh ego start all\n 8. Log in to the cluster management console as the cluster administrator and start the required Spark instance groups.\n\n_**IBM Spectrum Conductor 2.3.0**_\n\n 1. Log in to the cluster management console as the cluster administrator and stop all Spark instance groups.\n 2. Log on to the master host as the cluster administrator: \n&gt; egosh user logon -u Admin -x Admin\n 3. Stop services and shut down the cluster: \n&gt; egosh service stop all \n&gt; egosh ego shutdown all\n 4. Log on to each host in your cluster (root or sudo to root permission).\n 5. Define the **CLUSTERADMIN** environment variable and set it to any valid operating user account, which then owns all installation files, for example: \n&gt; export CLUSTERADMIN=egoadmin\n 6. Uninstall the existing JRE and then install the old JRE. \nNOTE: RPM version 4.2.1 or later must be installed on the host. \nFor example, on Linux x86_64 hosts, enter: \n&gt; rpm -e egojre-8.0.5.25-509250.x86_64 --dbpath _dbpath_location_ \\--nodeps \n&gt; rpm -qa --dbpath _dbpath_location_ |grep egojre \nwhere _dbpath_location_ specifies the path to your database. \nFor each previous egojre rpm, run: \n&gt; rpm -e [egojre_name] --dbpath _dbpath_location_ \\--nodeps \nThen, install the old JRE: \n&gt; mkdir -p /tmp/extract23 \n&gt; conductor2.3.0.0_x86_64.bin --extract /tmp/extract23 \n&gt; rpm -ivh --prefix $EGO_TOP --dbpath _dbpath_location _/tmp/extract23/egojre-*.rpm \nwhere _$EGO_TOP _specifies the path to where the cluster is installed and_ dbpath_location_ specifies the path to your database.\n 7. Source the cluster profile and start the cluster: \n&gt; egosh ego start all\n 8. Log in to the cluster management console as the cluster administrator and start the required Spark instance groups.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-02-22T13:30:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2019-02-22T13:30:01", "id": "805F398ACAA1D762CBD1274F2D4D60F5556456BDCF3CB982B1D1AE756AAB63C3", "href": "https://www.ibm.com/support/pages/node/792259", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:45:34", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 used by IBM Netcool Agile Service Manager. IBM Netcool Agile Service Manager has addressed the applicable CVEs. \n \nThese issues were disclosed as part of the IBM Java SDK updates in October 2018. \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Netcool Agile Service Manager 1.1.1\n\nIBM Netcool Agile Service Manager 1.1.2\n\n## Remediation/Fixes\n\nUpdate to IBM Netcool Agile Service Manager 1.1.3\n\nTo install Netcool\u00ae Agile Service Manager Version 1.1.3, you download the installation images from IBM\u00ae Passport Advantage\u00ae. You then follow standard installation procedures, whether you install a new instance of Agile Service Manager, or upgrade an existing version.\n\n# [Download Netcool Agile Service Manager v1.1.3 (updated 10 October 2018)](<http://www-01.ibm.com/support/docview.wss?uid=swg24043717>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-07-03T05:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2019-07-03T05:10:01", "id": "E2CBBE23DEEE9BC79FCD931473BBF43A02A571073DC0773408485263D4954530", "href": "https://www.ibm.com/support/pages/node/870042", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:45:26", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 used by IBM Spectrum LSF Process Manager. IBM Spectrum LSF Process Manager has addressed the applicable CVEs.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n**CVEID:** _[CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151500](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151500>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151486](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151486>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151465](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151465>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151497](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151497>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** _[CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151530](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151530>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** _[CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>)_ \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/146015](<https://exchange.xforce.ibmcloud.com/vulnerabilities/146015>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** _[CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151452](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151452>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** _[CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151455](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151455>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Spectrum LSF Process Manager 10.2\n\n## Remediation/Fixes\n\n_&lt;Product_\n\n| \n\n_VRMF_\n\n| \n\n_APAR_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|---|--- \n \nIBM Spectrum LSF Process Manager\n\n| \n\n_10.2_\n\n| \n\n_None_\n\n| \n\n 1. Download IBM JRE 8.0 from the following location: _[http://www.ibm.com/support/fixcentral](<http://www.ibm.com/support/fixcentral>)_. (The followings steps are using x86_64 as an example.)\n 2. Copy the tar package into the PM server host.\n 3. Log on the PM server host as root, stop jfd. \n# jadmin stop\n 4. On the PM server host, extract new JRE files and replace old folders with new ones.\n\n# chmod +x ibm-java-x86_64-jre-8.0-5.25.bin\n\n# ./ibm-java-x86_64-jre-8.0-5.25.bin \n# mv /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre-old\n\n# mkdir -p /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre \n# cp -r ibm-java-x86_64-80/* /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre \n# mv /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre/jre/bin /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre \n# mv /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre/jre/lib /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre \n# mv /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre/jre/plugin /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre\n\n# rm -rf /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre/jre\n\n 5. On the PM server host, start jfd \n# jadmin start \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-11-30T05:15:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum LSF Process Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2018-11-30T05:15:01", "id": "963D20C2EC030B493208E1FF91F23A1446CBD063F7C0A209E567CA1EB76C8448", "href": "https://www.ibm.com/support/pages/node/738617", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-22T01:46:21", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 6, 7, and 8, and IBM\u00ae Runtime Environment Java\u2122, Versions 6, 7, and 8 that are used by IBM\u00ae Intelligent Operations Center, IBM\u00ae Intelligent Operations Center for Emergency Management, and IBM\u00ae Water Operations for Waternamics. IBM\u00ae Intelligent Operations Center has addressed the applicable CVEs. \nThese issues were disclosed as part of the IBM Java SDK updates in October 2018. \n\n\n## Vulnerability Details\n\nIf you run your own Java\u2122 code using the IBM\u00ae Java\u2122 Runtime that is delivered with this product, you should evaluate your code to determine whether additional Java\u2122 vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\" located in the References section for more information.\n\n**CVE IDs:** CVE-2018-3183 CVE-2018-3169 CVE-2018-3149 CVE-2018-3180 CVE-2018-3214 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139\n\n**CVEID:** [_CVE-2018-3183_](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-3169_](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-3149_](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-3180_](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-3214_](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-13785_](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2018-3136_](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2018-3139_](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n**Principal Product and Versions**\n\n| **Affected Supporting Products and Versions** \n---|--- \nIBM\u00ae Intelligent Operations Center V1.6.0 - V5.1.0.14 | \n\nIBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 55 and earlier releases\n\nIBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 55 and earlier releases\n\nIBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 15 and earlier releases\n\nIBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 15 and earlier releases\n\nIBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 7 and earlier releases \n \nIBM\u00ae Intelligent Operations Center for Emergency Management V1.6 - V5.1.0.6 \nIBM\u00ae Water Operations for Waternamics V5.1 - V5.2.1.1 \n \n## Remediation/Fixes\n\nThe fix for this issue is available in IBM\u00ae Intelligent Operations Center version 5.2 on [Passport Advantage](<http://www.ibm.com/software/passportadvantage/pao_customer.html>).\n\n## Workarounds and Mitigations\n\nUntil you apply the fixes, it may be possible to reduce the risk of successful attacks by restricting network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from unprivileged users may help reduce the risk of successful attack. Both approaches may break application functionality, so IBM strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-05-21T10:45:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java\u2122 SDK and IBM\u00ae Java\u2122 Runtime affect IBM\u00ae Intelligent Operations Center products", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2019-05-21T10:45:01", "id": "C8FF79949024BC54CBA611CDE67346D82439C38D6482F3748BE505D3A9532CC8", "href": "https://www.ibm.com/support/pages/node/791133", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-22T01:46:45", "description": "## Summary\n\nThere are multiple vulnerabilities in Oracle Java SE which is used by IBM Spectrum Protect\u2122 Plus. These issues were disclosed as part of the Oracle Critical Patch Update (CPU) in October 2018. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n\n\n## Affected Products and Versions\n\nIBM Spectrum Protect Plus versions 10.1.0 through 10.1.2.\n\n## Remediation/Fixes\n\n**_IBM Spectrum Protect Plus Release_**\n\n| **_First Fixing \nVRM Level_** | **_Platform_** | **_Link to Fix / Fix Availability Target_** \n---|---|---|--- \n \n10.1\n\n| 10.1.3 | Linux | \n\n<https://www.ibm.com/support/docview.wss?uid=ibm10743897> \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-02-25T21:30:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Oracle Java SE affect IBM Spectrum Protect Plus (CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214, CVE-2018-13785)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2019-02-25T21:30:02", "id": "134D70F38973A4CF5EAF6C19048E39F5CC623F71FC41D9EFB895FD2A8BD2A78F", "href": "https://www.ibm.com/support/pages/node/796384", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-22T01:47:20", "description": "## Summary\n\nThere are vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Oct 2018 - Includes Oracle Oct 2018 CPU used by IBM Streams. IBM Streams has addressed the applicable CVEs. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected InfoSphere Streams | Affected Versions \n---|--- \nInfoSphere Streams | 4.0.1.6 and earlier \nInfoSphere Streams | 3.2.1.6 and earlier \nIBM Streams | 4.1.1.7 and earlier \nIBM Streams | 4.2.1.5 and earlier \nIBM Streams | 4.3.0.0 \n \n## Remediation/Fixes\n\nNOTE: Fix Packs are available on IBM Fix Central.\n\nTo remediate/fix this issue, follow the instructions below:\n\nVersion 4.3.x: Apply [_ 4.3.0 Fix Pack 1 (4.3.0.1) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/InfoSphere+Streams&release=4.3.0.0&platform=All&function=all>) . \nVersion 4.2.x: Apply [_4.2.1 Fix Pack 4 (4.2.1.6) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.2.1.0&platform=All&function=all>) . \nVersion 4.1.x: Apply [_4.1.1 Fix Pack 6 (4.1.1.8) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.1.1.0&platform=All&function=all>) . \nVersion 4.0.x: Apply [_4.0.1 Fix Pack 6 (4.0.1.6) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.0.1.0&platform=All&function=all>) . \nVersions 3.2.x, 3.1.x, and 3.0.x: For versions earlier than 4.x.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-01-16T16:10:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Oct 2018 - Includes Oracle Oct 2018 CPU", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2019-01-16T16:10:01", "id": "D50E1D38FA9347169BC69E6368733007D03E3B56F5983DB6946280D484FEEF26", "href": "https://www.ibm.com/support/pages/node/794137", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-22T01:48:37", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6, Version 7 ,version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. These issues were disclosed as part of the IBM Java SDK updates in October 2018.\n\n## Vulnerability Details\n\n#### Relevant CVEs:\n\nCVE-2018-3183 CVE-2018-3169 CVE-2018-3149 CVE-2018-3180 CVE-2018-3214 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139\n\n#### Relevant CVE Information:\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Tivoli Composite Application Manager (ITCAM) for Transactions : 7.4 are affected\n\n## Remediation/Fixes\n\n**Product Name** | **VRMF** | **APAR** | **Remediation/First Fix** \n---|---|---|--- \nITCAM for Transactions | \n\n7.4.0.x\n\n| | \n\n7.4.0.1-TIV-CAMRT-IF0033 for different platforms:\n\n[7.4.0.1-TIV-CAMRT-AIX-IF0033](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-AIX-IF0033&source=SAR&function=fixId&parent=Tivoli%20Composite%20Application%20Manager>)\n\n[7.4.0.1-TIV-CAMRT-LINUX-IF0033](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-LINUX-IF0033&source=SAR&function=fixId&parent=Tivoli%20Composite%20Application%20Manager>)\n\n[ 7.4.0.1-TIV-CAMRT-WINDOWS-IF0033](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-WINDOWS-IF0033&source=SAR&function=fixId&parent=Tivoli%20Composite%20Application%20Manager>) \n \n## Workarounds and Mitigations\n\nN/A\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-11-23T07:15:01", "type": "ibm", "title": "Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2018 - Includes Oracle Oct 2018 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2018-11-23T07:15:01", "id": "21A7AD719DD13CFAC33065983721DB65123C32733B498EBEF6EE3F60568E2A40", "href": "https://www.ibm.com/support/pages/node/741745", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:46:08", "description": "## Summary\n\nIBM Db2 Query Management Facility for z/OS and Enterprise Edition has addressed the following vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nDb2 Query Management Facility for z/OS 11.1; 11.2; 12.1; 12.2;\n\nIBM QMF Enterrprise Edition Advanced 12.2; \n\nQMF Enterprise Edition 11.1; 12.1;\n\n## Remediation/Fixes\n\nNone. See 'Workarounds and Mitigations'.\n\n## Workarounds and Mitigations\n\nUse the following instructions to download the latest JRE version from the IBM Java download portal and replace it with the JRE you are currently invoking.\n\n 1. Download JRE 8.0.5.25 version from IBM Java download portal.\n 2. Close QMF, if any instance is running.\n\n3\\. Copy 8.0.5.25 JRE version to C:\\Program Files\\IBM\\DB2 Query Management Facility\\QMF for\n\nWorkstation\\jre. \n4\\. Start application \n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-06-12T05:10:02", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been idenfied in IBM SDK which affects IBM Db2 Query Management Facility for z/OS", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2019-06-12T05:10:02", "id": "0E7265FFB6191CDB88791F1686BF022A0C1EC7A1FB1D1B5D9E6FFEB862AB466C", "href": "https://www.ibm.com/support/pages/node/871998", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:46:50", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition used by IBM\u00ae Cloud App Management V2018.4.1. IBM\u00ae Cloud App Management has addressed the applicable CVEs in a later version.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cloud App Management V2018.4.1\n\n## Remediation/Fixes\n\nIBM Cloud App Management V2018 was updated to use a later version of IBM\u00ae SDK Java\u2122 Technology Edition. Install IBM Cloud App Management V2019.2.0 to address these security vulnerabilities. IBM Cloud App Management V2019.2.0 is available on [IBM Passport Advantage](<https://www.ibm.com/software/passportadvantage/index.html>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-05-08T12:05:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018.4.1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2019-05-08T12:05:02", "id": "7D22C5FB2996DDFDFB29ABD5DC03D6EEC176A983E4DE39061070B41B3645BCA5", "href": "https://www.ibm.com/support/pages/node/883344", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:46:04", "description": "## Summary\n\nJava SE issues disclosed in the Oracle October 2018 Critical Patch Update\n\n## Vulnerability Details\n\n**CVE IDs:** CVE-2018-3183 CVE-2018-3169 CVE-2018-3149 CVE-2018-3180 CVE-2018-3214 CVE-2018-13785 CVE-2018-3136 CVE-2018-3139\n\n**DESCRIPTION:** This bulletin covers all applicable Java SE CVEs published by Oracle as part of their October 2018 Critical Patch Update. For more information please refer to [Oracle's October 2018 CPU Advisory](<https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixJAVA>) and the X-Force database entries referenced below.\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 70 and earlier releases \nIBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 70 and earlier releases \nIBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 30 and earlier releases \nIBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 30 and earlier releases \nIBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 22 and earlier releases \n \nFor detailed information on which CVEs affect which releases, please refer to the [IBM SDK, Java Technology Edition Security Vulnerabilities page](<https://developer.ibm.com/javasdk/support/security-vulnerabilities/>).\n\n## Remediation/Fixes\n\nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 75 and subsequent releases, where embedded with supported IBM products \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 75 and subsequent releases, where embedded with supported IBM products \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 35 and subsequent releases \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 35 and subsequent releases \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 25 and subsequent releases \n \nIBM SDK, Java Technology Edition releases can be downloaded, subject to the terms of the developerWorks license, from the [Java Developer Center](<https://developer.ibm.com/javasdk/downloads/>). \n \nIBM customers requiring an update for an SDK shipped with an IBM product should contact [IBM support](<http://www.ibm.com/support/>), and/or refer to the appropriate product security bulletin.\n\n**APAR numbers are as follows:**\n\n[IJ10930](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ10930>) (CVE-2018-3183) \n[IJ10931](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ10931>) (CVE-2018-3169) \n[IJ10932](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ10932>) (CVE-2018-3149) \n[IJ10894](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ10894>) (CVE-2018-3180) \n[IJ10933](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ10933>) (CVE-2018-3214) \n[IJ10934](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ10934>) (CVE-2018-13785) \n[IJ10935](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ10935>) (CVE-2018-3136) \n[IJ10895](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ10895>) (CVE-2018-3139)\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-11-06T15:45:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2018-11-06T15:45:02", "id": "1F77C49508A67A8404D8F97FFF5D13FF62F475445679C531C2B06AB744C6BB10", "href": "https://www.ibm.com/support/pages/node/735551", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-22T01:45:05", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is used by IBM i.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nReleases 7.1, 7.2 and 7.3 of IBM i are affected.\n\n## Remediation/Fixes\n\nThe issue can be fixed by applying a PTF to the IBM i Operating System.\n\nReleases 7.1, 7.2 and 7.3 of IBM i are supported and will be fixed. \nPlease see the Java document at this URL for the latest Java information for IBM i:\n\n<https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Updates/page/Java%20on%20IBM%20i> \nThe IBM i Group PTF numbers containing the fix for these CVEs follow. Future Group PTFs for Java will also contain the fixes for these CVEs.\n\n**Release 7.1 \u2013 SF99572 level 34** \n**Release 7.2 \u2013 SF99716 level 19** \n**Release 7.3 \u2013 SF99725 level 11**\n\n**_Important note: _**_IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-12-18T14:26:38", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2019-12-18T14:26:38", "id": "3C81335D3CEB6233E033234534932928C5A26581A9CB6C01E8B261AFA9EB6BDE", "href": "https://www.ibm.com/support/pages/node/743955", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-22T01:47:51", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in October 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAIX 6.1, 7.1, 7.2 \nVIOS 2.2.x\n\nThe following fileset levels (VRMF) are vulnerable, if the respective Java version is installed: \nFor Java7: Less than 7.0.0.635 \nFor Java7.1: Less than 7.1.0.435 \nFor Java8: Less than 8.0.0.525\n\nNote: To find out whether the affected Java filesets are installed on your systems, refer to the lslpp command found in AIX user's guide.\n\nExample: lslpp -L | grep -i java\n\n## Remediation/Fixes\n\nNote: Recommended remediation is to always install the most recent Java package available for the respective Java version.\n\nIBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 35 and subsequent releases: \n32-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&amp;release=7.0.0.0&amp;platform=AIX+32-bit,+pSeries&amp;function=all \n64-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&amp;release=7.0.0.0&amp;platform=AIX+64-bit,+pSeries&amp;function=all\n\nIBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 35 and subsequent releases: \n32-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&amp;release=7.1.0.0&amp;platform=AIX+32-bit,+pSeries&amp;function=all \n64-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&amp;release=7.1.0.0&amp;platform=AIX+64-bit,+pSeries&amp;function=all\n\nIBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 25 and subsequent releases: \n32-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&amp;release=8.0.0.0&amp;platform=AIX+32-bit,+pSeries&amp;function=all \n64-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&amp;release=8.0.0.0&amp;platform=AIX+64-bit,+pSeries&amp;function=all\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-12-14T18:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2018-12-14T18:10:01", "id": "E089BB3364A1D64F0F411EC103AC76EA7C388D935F3CBB285C30433B852BD69B", "href": "https://www.ibm.com/support/pages/node/787833", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:45:26", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 used by IBM Spectrum LSF Analytics. IBM Spectrum LSF Analytics has addressed the applicable CVEs.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n**CVEID:** _[CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151500](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151500>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151486](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151486>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151465](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151465>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151497](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151497>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** _[CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151530](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151530>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** _[CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>)_ \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/146015](<https://exchange.xforce.ibmcloud.com/vulnerabilities/146015>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** _[CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151452](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151452>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** _[CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151455](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151455>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nSpectrum LSF Analytics 9.1.4\n\n## Remediation/Fixes\n\n_&lt;Product_\n\n| \n\n_VRMF_\n\n| \n\n_APAR_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|---|--- \n \nSpectrum LSF Analytics\n\n| \n\n_9.1.4_\n\n| \n\n_None_\n\n| \n\n 1. Download IBM JRE 7 from the following location: [http://www.ibm.com/support/fixcentral](<http://www.ibm.com/support/fixcentral>). (The followings steps are using x86_64 as an example.)\n 2. Copy JRE package into the Analytics Server host and Analytics Node host(s).\n 3. On the Analytics Server host, stop pats, pars, and parb services\n 4. On the Analytics Server host, extract new JRE files and replace old JRE files in following directories\n\n#{ANALYTICS_SERVER_TOP}\\jre\n\n#{ANALYTICS_SERVER_TOP}\\report\\jre\n\nWhere ANALYTICS_SERVER_TOP describes the top-level IBM Spectrum LSF Analytics server installation directory.\n\n 5. On the Analytics Server host, start pats, pars, and parb services on demand.\n 6. On the Analytics Node host, stop plc services\n 7. On the Analytics Node host, extract new JRE files and replace old JRE files in following directory\n\n#{ANALYTICS_NODE_TOP}/jre/#{ARCH}/\n\nWhere ANALYTICS_NODE_TOP describes the top-level IBM Spectrum LSF Analytics node installation directory. ARCH describes the architecture of Analytics Node host. E.g. linux-x86_64\n\n 8. On the Analytics Node host, start plc service. \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-11-30T05:15:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum LSF Analytics", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2018-11-30T05:15:01", "id": "670A4E33560EFE05EB04F9CBE20F136EDE42804FDACA77357EF37D09EF210A97", "href": "https://www.ibm.com/support/pages/node/738619", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-22T01:46:26", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7.0.10.30 used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed the applicable CVEs. \n \nThese issues were disclosed as part of the IBM Java SDK updates in October 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected Product Name** | **Affected Versions** \n---|--- \nIBM Cloud Manager with OpenStack | 4.3 \n \n## Remediation/Fixes\n\n**Product** | **VRMF** | **Remediation / First Fix** \n---|---|--- \nIBM Cloud Manager with OpenStack | 4.3 | \n\nUpgrade to 4.3 FP 13:\n\n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FOther%20software&amp;product=ibm/Other+software/Cloud+Manager+with+Openstack&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=4.3.0.13-IBM-CMWO-FP13&amp;includeSupersedes=0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FOther%20software&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=All&platform=All&function=fixId&fixids=4.3.0.13-IBM-CMWO-FP13&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-05-06T11:15:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2019-05-06T11:15:01", "id": "3624DDD0AC776E39AF868A639FAB62CC5C98B3186CF78AA2720A05D9C15D3976", "href": "https://www.ibm.com/support/pages/node/796098", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:45:26", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6 and 7 used by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation. IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation have addressed the applicable CVEs.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n**CVEID:** _[CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151500](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151500>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151486](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151486>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151465](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151465>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151497](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151497>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** _[CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151530](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151530>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** _[CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>)_ \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/146015](<https://exchange.xforce.ibmcloud.com/vulnerabilities/146015>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** _[CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151452](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151452>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** _[CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/151455](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151455>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nPlatform Cluster Manager Standard Edition Version 4.1.0, 4.1.1 and 4.1.1.1\n\nPlatform Cluster Manager Version 4.2.0, 4.2.0.1, 4.2.0.2 and 4.2.1\n\nPlatform HPC Version 4.1.1, 4.1.1.1, 4.2.0 and 4.2.1\n\nSpectrum Cluster Foundation 4.2.2 \n\n## Remediation/Fixes\n\n_&lt;Product_\n\n| \n\n_VRMF_\n\n| \n\n_APAR_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|---|--- \n \n_Platform Cluster Manager Standard Edition_\n\n| \n\n_4.1.0, 4.1.1, 4.1.1.1, 4.2.0, 4.2.0.1, 4.2.0.2, 4.2.1_\n\n| \n\n_None_\n\n| \n\n_See fix below_ \n \n_Platform Cluster Manager Advanced Edition_\n\n| \n\n_4.2.0, 4.2.0.1, 4.2.0.2, 4.2.1_\n\n| \n\n_None_\n\n| \n\n_See fix below_ \n \n_Platform HPC _\n\n| \n\n_4.1.1, 4.1.1.1, 4.2.0, 4.2.1_\n\n| \n\n_None_\n\n| \n\n_See fix below_ \n \n_Spectrum Cluster Foundation_\n\n| \n\n_4.2.2_\n\n| \n\n_None_\n\n| \n\n_See fix below_ \n \n**Platform Cluster Manager 4.1.x &amp; Platform HPC 4.1.x**\n\n 1. Download IBM JRE 6.0 x86_64 from the following location: _[http://www.ibm.com/support/fixcentral](<http://www.ibm.com/support/fixcentral>)_. (For POWER platform, download ppc64 version JRE tar package. The followings steps are using x86_64 as an example.)\n 2. Copy the tar package into the management node. If high availability is enabled, copy the JRE tar package to standby management node, as well.\n 3. If high availability is enabled, shutdown standby management node to avoid triggering high availability.\n 4. On the management node, stop GUI and PERF services\n\nHA disabled: \n# pmcadmin stop \n# perfadmin stop all \n \nHA enabled: \n# egosh user logon -u Admin -x Admin \n# egosh service stop all\n\n 5. On management node, extract new JRE files and replace some old folders with new ones.\n\n# chmod +x ibm-java-x86_64-jre-6.0-16.75.bin\n\n# ./ibm-java-x86_64-jre-6.0-16.75.bin \n# mv /opt/pcm/web-portal/jre/linux-x86_64/bin /opt/pcm/web-portal/jre/linux-x86_64/bin-old \n# mv /opt/pcm/web-portal/jre/linux-x86_64/lib /opt/pcm/web-portal/jre/linux-x86_64/lib-old \n# mv /opt/pcm/web-portal/jre/linux-x86_64/plugin /opt/pcm/web-portal/jre/linux-x86_64/plugin-old \n# cp -r ibm-java-x86_64-60/jre/bin /opt/pcm/web-portal/jre/linux-x86_64/ \n# cp -r ibm-java-x86_64-60/jre/lib /opt/pcm/web-portal/jre/linux-x86_64/ \n# cp -r ibm-java-x86_64-60/jre/plugin /opt/pcm/web-portal/jre/linux-x86_64/\n\n 6. On management node, start GUI and PERF services\n\nHA disabled: \n# pmcadmin start \n# perfadmin start all \n \nHA enabled: \n# egosh user logon -u Admin -x Admin \n# egosh service start all\n\n**Platform Cluster Manager 4.2.x &amp; Platform HPC 4.2.x &amp; Spectrum Cluster Foundation 4.2.2**\n\n 1. Download IBM JRE 7.0 x86_64 from the following location: _[http://www.ibm.com/support/fixcentral](<http://www.ibm.com/support/fixcentral>)_. (For POWER platform, download ppc64 version JRE tar package. The followings steps are using x86_64 as an example.)\n 2. Copy the tar package into the management node. If high availability is enabled, copy the JRE tar package to standby management node, as well.\n 3. If high availability is enabled, shutdown standby management node to avoid triggering high availability.\n 4. On the management node, stop GUI and PERF services\n\n# pcmadmin service stop --group ALL\n\n 5. On management node, extract new JRE files and replace some old folders with new ones.\n\n# chmod +x ibm-java-x86_64-jre-7.0-10.35.bin\n\n# ./ibm-java-x86_64-jre-7.0-10.35.bin \n# mv /opt/pcm/jre/bin /opt/pcm/jre/bin-old \n# mv /opt/pcm/jre/lib /opt/pcm/jre/lib-old \n# mv /opt/pcm/jre/plugin /opt/pcm/jre/plugin-old \n# cp -r ibm-java-x86_64-70/jre/bin /opt/pcm/jre/ \n# cp -r ibm-java-x86_64-70/jre/lib /opt/pcm/jre/ \n# cp -r ibm-java-x86_64-70/jre/plugin /opt/pcm/jre/ \n# mv /opt/pcm/web-portal/jre/linux-x86_64/bin /opt/pcm/web-portal/jre/linux-x86_64/bin-old \n# mv /opt/pcm/web-portal/jre/linux-x86_64/lib /opt/pcm/web-portal/jre/linux-x86_64/lib-old \n# mv /opt/pcm/web-portal/jre/linux-x86_64/plugin /opt/pcm/web-portal/jre/linux-x86_64/plugin-old \n# cp -r ibm-java-x86_64-70/jre/bin /opt/pcm/web-portal/jre/linux-x86_64/ \n# cp -r ibm-java-x86_64-70/jre/lib /opt/pcm/web-portal/jre/linux-x86_64/ \n# cp -r ibm-java-x86_64-70/jre/plugin /opt/pcm/web-portal/jre/linux-x86_64/\n\n 6. On management node, start GUI and PERF services\n\n# pcmadmin service start --group ALL\n\n 7. If high availability is enabled, start up standby management node, and replace bin, lib, plugin folders under /opt/pcm/web-portal/jre/linux-x86_64, on standby management node.\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2018-11-30T05:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2018-11-30T05:10:01", "id": "3EC89BA96EEEC8F416556D1CE3AB9277E84671E4CE4722F415CA06BC301472C9", "href": "https://www.ibm.com/support/pages/node/738615", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T17:42:40", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8.0.5.20 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. \nThese issues were disclosed as part of the IBM Java SDK updates in October 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Cloud Transformation Advisor 1.8.0, 1.8.1, 1.9.0, 1.9.1\n\n## Remediation/Fixes\n\nUpgrade to 1.9.2 or later.\n\nIn IBM Cloud Private go to IBM Cloud Transformation Advisor helm release and click Upgrade.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-12-05T19:00:57", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2022-12-05T19:00:57", "id": "24CBFF122FF415C5CFDF11F4F1D6A1825BD4AB8E9DEA8F07E2596985E17DE6D2", "href": "https://www.ibm.com/support/pages/node/870404", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-07T14:57:17", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 Service Refresh 5 Fix Pack 22 and earlier releases used by IBM Platform Symphony and IBM Spectrum Symphony. IBM Platform Symphony and IBM Spectrum Symphony have addressed the applicable CVEs.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n**CVEID:** _ [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) _ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See _ [https://exchange.xforce.ibmcloud.com/vulnerabilities/151500](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151500>) _ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n**CVEID:** _ [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) _ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See _ [https://exchange.xforce.ibmcloud.com/vulnerabilities/151486](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151486>) _ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** _ [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) _ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See _ [https://exchange.xforce.ibmcloud.com/vulnerabilities/151465](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151465>) _ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** _ [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) _ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See _ [https://exchange.xforce.ibmcloud.com/vulnerabilities/151497](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151497>) _ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** _ [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) _ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See _ [https://exchange.xforce.ibmcloud.com/vulnerabilities/151530](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151530>) _ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** _ [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) _ \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See _ [https://exchange.xforce.ibmcloud.com/vulnerabilities/146015](<https://exchange.xforce.ibmcloud.com/vulnerabilities/146015>) _ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** _ [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) _ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See _ [https://exchange.xforce.ibmcloud.com/vulnerabilities/151452](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151452>) _ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** _ [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) _ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See _ [https://exchange.xforce.ibmcloud.com/vulnerabilities/151455](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151455>) _ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Platform Symphony 7.1 Fix Pack 1 \nIBM Platform Symphony 7.1.1 \nIBM Spectrum Symphony 7.1.2 \nIBM Spectrum Symphony 7.2.0.2 \nIBM Spectrum Symphony 7.2.1\n\n## Remediation/Fixes\n\n### Applicability\n\n * Operating systems: Linux x64, Windows X64\n\n * Cluster type: Single grid cluster, Developer Edition, Multicluster\n\nPrerequisite\n\nTo install or uninstall the .rpm packages for IBM Spectrum Symphony 7.1.2, 7.2.0.2, and 7.2.1, you must have root permission and RPM version 4.2.1 or later must be installed on the host.\n\nPackages\n\n_**Product**_ | _**VRMF**_ | _**APAR**_ | _**Remediation/First Fix**_ \n---|---|---|--- \n_IBM Platform Symphony_ | _7.1 Fix Pack 1_ | _P102850_ | \n\n_symSetup_jre8sr5fp27_linux-x64_build510378.tar.gz_\n\n_symSetup_jre8sr5fp27_win-x64_build510378.zip_\n\n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=sym-7.1-build510378&amp;includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1-build510378&includeSupersedes=0>) \n \n_IBM Platform Symphony_ | _7.1.1_ | _P102850_ | \n\n_symSetup_jre8sr5fp27_linux-x64_build510378.tar.gz_\n\n_symSetup_jre8sr5fp27_win-x64_build510378.zip_\n\n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=sym-7.1.1-build510378&amp;includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.1-build510378&includeSupersedes=0>) \n \n_IBM Spectrum Symphony_ | _7.1.2_ | _P102850_ | \n\n_egojre-1.8.0.527.x86_64.rpm_\n\n_symSetup_jre8sr5fp27_linux-x64_build510378.tar.gz_\n\n_symSetup_jre8sr5fp27_win-x64_build510378.zip_\n\n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=sym-7.1.2-build510378&amp;includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.2-build510378&includeSupersedes=0>) \n \n_IBM Spectrum Symphony_ | _7.2.0.2_ | _P102850_ | \n\n_egojre-8.0.5.27.x86_64.rpm_\n\n_symSetup_jre8sr5fp27_linux-x64_build510378.tar.gz_\n\n_symSetup_jre8sr5fp27_win-x64_build510378.zip_\n\n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=sym-7.2.0.2-build510378&amp;includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build510378&includeSupersedes=0>) \n \n_IBM Spectrum Symphony_ | _7.2.1_ | _P102850_ | \n\n_egojre-8.0.5.27.x86_64.rpm_\n\n_symSetup_jre8sr5fp27_linux-x64_build510378.tar.gz_\n\n_symSetup_jre8sr5fp27_win-x64_build510378.zip_\n\n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=sym-7.2.1-build510378&amp;includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.1-build510378&includeSupersedes=0>) \n \nInstalling on Linux management hosts in grid clusters\n\n1\\. Log on to the primary host as the cluster administrator.\n\n&gt; egosh user logon -u Admin -x Admin\n\n2\\. Disable your applications, stop services, and shut down the cluster:\n\n&gt; soamcontrol app disable all\n\n&gt; egosh service stop all\n\n&gt; egosh ego shutdown all\n\n3\\. Back up or uninstall the existing JRE on all management hosts:\n\n * For Platform Symphony 7.1 Fix Pack 1 and 7.1.1, back up the JRE folder (under $EGO_TOP/jre/&lt;_EGO_version_&gt;/linux-x86_64/). For example, in Platform Symphony 7.1.1 cluster, back up the JRE folder at $EGO_TOP/jre/3.3/linux-x86_64/.\n * For IBM Spectrum Symphony 7.1.2, 7.2.0.2 and 7.2.1, uninstall the existing JRE:\n\n1) Query the existing JRE package and uninstall it from the dbpath location, for example:\n\n&gt; rpm -qa --dbpath /tmp/rpm |grep egojre\n\negojre-1.8.0.3-408454.x86_64\n\n&gt; rpm -e egojre-1.8.0.3-408454.x86_64 --dbpath /tmp/rpm --nodeps\n\n2) For IBM Spectrum Symphony 7.2.0.2, remove the links remaining in the jre folder, for example:\n\n&gt; rm -rf $EGO_TOP/jre/8.0.5.0\n\n4\\. Log on to each management host as the cluster administrator and source the environment.\n\n&gt; source profile.platform\n\n5\\. On each management host, replace your current JRE folder with the files in this interim fix.\n\n * For Platform Symphony 7.1 Fix Pack 1 and 7.1.1, remove the files in the existing JRE folder and extract the interim package to the JRE folder. For example, in Platform Symphony 7.1.1, enter the following commands:\n\n&gt; rm -rf $EGO_TOP/jre/3.3/linux-x86_64/*\n\n&gt; tar zxfo symSetup_jre8sr5fp27_linux-x64_build510378.tar.gz -C $EGO_TOP/jre/3.3/linux-x86_64\n\n * For IBM Spectrum Symphony 7.1.2, 7.2.0.2, and 7.2.1, use the same prefix and dbpath as the installation, for example:\n\n&gt; rpm \u2013ivh egojre-1.8.0.527.x86_64.rpm --prefix /opt/platform --dbpath /tmp/rpm\n\n6\\. Delete all subdirectories and files in the GUI work directory:\n\n&gt; rm -rf $EGO_TOP/gui/work/*\n\n&gt; rm -rf $EGO_TOP/gui/workarea/*\n\n**NOTE: **If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.\n\n7\\. Launch your browser and clear the browser cache.\n\n8\\. From the primary host, start the cluster and enable your applications:\n\n&gt; source profile.platform\n\n&gt; egosh ego start all\n\n&gt; soamcontrol app enable &lt;_appName_&gt;\n\nInstalling on Linux Multicluster hosts\n\n1\\. Log on to the primary host as the cluster administrator and source the environment:\n\n&gt; source profile.platform\n\n2\\. Stop services and shut down the cluster:\n\n&gt; egosh service stop all\n\n&gt; egosh ego shutdown all\n\n3\\. Back up the JRE folder (under $EGO_TOP/jre/&lt;_EGO_version_&gt;/linux-x86_64/). For example, in Platform Symphony 7.1.1 Multicluster, back up the JRE folder at $EGO_TOP/jre/3.3/linux-x86_64/.\n\n4\\. Log on to each management host as the cluster administrator and replace your current JRE folder with the files in this interim fix. For example, in Platform Symphony 7.1.1 Multicluster, enter the following commands:\n\n&gt; source profile.platform\n\n&gt; rm -rf $EGO_TOP/jre/3.3/linux-x86_64/*\n\n&gt; tar zxfo symSetup_jre8sr5fp27_linux-x64_build510378.tar.gz -C $EGO_TOP/jre/3.3/linux-x86_64\n\n5\\. Delete all subdirectories and files in the GUI work directory:\n\n&gt; rm -rf $EGO_TOP/gui/work/*\n\n&gt; rm -rf $EGO_TOP/gui/workarea/*\n\n**NOTE: **If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.\n\n6\\. Launch your browser and clear the browser cache.\n\n7\\. From the primary host, source the environment and start the cluster:\n\n&gt; source profile.platform\n\n&gt; egosh ego start all\n\nInstalling on Linux Developer Edition hosts\n\n1\\. Log on to each Linux Developer Edition (DE) host, source the environment and stop the agent:\n\n&gt; source profile.platform\n\n&gt; soamshutdown\n\n2\\. Back up the JRE folder (under $SOAM_HOME/jre/linux-x86_64/). For example, in Platform Symphony DE 7.1.1, back up the JRE folder at $SOAM_HOME/jre/linux-x86_64/.\n\n3\\. Log on to each DE host as the administrator and replace your current JRE folder with the files in this interim fix. \n\nFor example, in Platform Symphony DE 7.1.1, enter the following commands:\n\n&gt; rm -rf $SOAM_HOME/jre/linux-x86_64/*\n\n&gt; tar zxfo symSetup_jre8sr5fp27_linux-x64_build510378.tar.gz -C $SOAM_HOME/jre/linux-x86_64\n\n4\\. Start the agent:\n\n&gt; soamstartup &amp;\n\nInstalling on Windows Developer Edition hosts\n\n1\\. Log on to each Windows Developer Edition (DE) host and stop the agent:\n\n&gt; soamshutdown\n\n2\\. Back up the JRE folder (under %SOAM_HOME%\\jre). For example, in Platform Symphony DE 7.1.1, back up the JRE folder at %SOAM_HOME%\\jre.\n\n3\\. Log on to each DE host as the administrator and replace your current JRE folder with the files in this interim fix. For example, in Platform Symphony DE 7.1.1, delete all files under %SOAM_HOME%\\jre, and decompress the symSetup_jre8sr5fp27_win-x64_build510378.zip package under it.\n\n4\\. Start the agent:\n\n&gt; soamstartup\n\nVerifying the installation\n\n * For Platform Symphony 7.1 Fix Pack 1 hosts, the following example shows output for the java -version command:\n\n&gt; $EGO_TOP/jre/3.1/linux-x86_64/bin/java -version\n\njava version \"1.8.0_191\"\n\nJava(TM) SE Runtime Environment (build 8.0.5.27 - pxa6480sr5fp27-20190104_01(SR5 FP27))\n\nIBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20181219_405297 (JIT enabled, AOT enabled)\n\nOpenJ9 - 3f2d574\n\nOMR - 109ba5b\n\nIBM - e2996d1)\n\nJCL - 20190104_01 based on Oracle jdk8u191-b26\n\n * For Platform Symphony 7.1.1 hosts, the following example shows output for the java -version command:\n\n&gt; $EGO_TOP/jre/3.3/linux-x86_64/bin/java -version\n\njava version \"1.8.0_191\"\n\nJava(TM) SE Runtime Environment (build 8.0.5.27 - pxa6480sr5fp27-20190104_01(SR5 FP27))\n\nIBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20181219_405297 (JIT enabled, AOT enabled)\n\nOpenJ9 - 3f2d574\n\nOMR - 109ba5b\n\nIBM - e2996d1)\n\nJCL - 20190104_01 based on Oracle jdk8u191-b26\n\n * For IBM Spectrum Symphony 7.1.2 hosts, the following example shows output for the rpm -qa command:\n\n&gt; rpm -qa --dbpath /tmp/rpm |grep egojre\n\negojre-1.8.0.527-510378.x86_64\n\n * For IBM Spectrum Symphony 7.2.0.2 hosts, the following example shows output for the rpm -qa command:\n\n&gt; rpm -qa --dbpath /tmp/rpm |grep egojre\n\negojre-8.0.5.27-510378.x86_64\n\n * For IBM Spectrum Symphony 7.2.1 hosts, the following example shows output for the rpm -qa command:\n\n&gt; rpm -qa --dbpath /tmp/rpm |grep egojre\n\negojre-8.0.5.27-510378.x86_64\n\n * For Linux DE hosts, the following example shows output for the java -version command:\n\n&gt; $SOAM_HOME/jre/linux-x86_64/bin/java -version\n\njava version \"1.8.0_191\"\n\nJava(TM) SE Runtime Environment (build 8.0.5.27 - pxa6480sr5fp27-20190104_01(SR5 FP27))\n\nIBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20181219_405297 (JIT enabled, AOT enabled)\n\nOpenJ9 - 3f2d574\n\nOMR - 109ba5b\n\nIBM - e2996d1)\n\nJCL - 20190104_01 based on Oracle jdk8u191-b26\n\n * For Windows DE hosts, the following example shows output for the java -version command:\n\n&gt; %SOAM_HOME%\\jre\\bin\\java -version\n\njava version \"1.8.0_191\"\n\nJava(TM) SE Runtime Environment (build 8.0.5.27 - pwa6480sr5fp27-20190104_01(SR5 FP27))\n\nIBM J9 VM (build 2.9, JRE 1.8.0 Windows Server 2012 R2 amd64-64-Bit Compressed References 20181219_405297 (JIT enabled, AOT enabled)\n\nOpenJ9 - 3f2d574\n\nOMR - 109ba5b\n\nIBM - e2996d1)\n\nJCL - 20190104_01 based on Oracle jdk8u191-b26\n\nUninstallation\n\nIf required, follow these instructions to uninstall this interim fix in your cluster:\n\nUninstalling on Linux management hosts in grid clusters\n\n1\\. Log on to each management host as the cluster administrator, disable your applications, stop services, and shut down the cluster:\n\n&gt; source profile.platform\n\n&gt; soamcontrol app disable all\n\n&gt; egosh service stop all\n\n&gt; egosh ego shutdown all\n\n2\\. Log on to each management host as the cluster administrator and restore the JRE folder from your backup.\n\n * For Platform Symphony 7.1 Fix Pack 1 and 7.1.1, restore your backup to the $EGO_TOP/jre/&lt;_EGO_version_&gt;/linux-x86_64/ folder. For example, in Platform Symphony 7.1.1, restore your backup to the $EGO_TOP/jre/3.3/linux-x86_64/ folder.\n * For IBM Spectrum Symphony 7.1.2, 7.2.0.2 and 7.2.1, uninstall the existing JRE, then install the old one:\n\n1) Uninstall the JRE fix, for example:\n\n&gt; rpm -e egojre-1.8.0.527-510378.x86_64 \\--dbpath /tmp/rpm/ --nodeps\n\n2) For IBM Spectrum Symphony 7.2.0.2, remove the link remaining under the jre folder, for example:\n\n&gt; rm -rf $EGO_TOP/jre/8.0.5.27\n\n3) Extract the egojre .rpm package from the .bin installation package. For example, for IBM Spectrum Symphony 7.1.2, enter:\n\n&gt; sym-7.1.2.0_x86_64.bin --extract /opt/extract\n\n4) Reinstall the old JRE package. Use the same prefix and dbpath as the installation, for example:\n\n&gt; rpm -ivh /opt/extract/egojre-1.8.0.3.x86_64.rpm --prefix /opt/platform --dbpath /tmp/rpm\n\n3\\. Delete all subdirectories and files in the GUI work directory:\n\n&gt; rm -rf $EGO_TOP/gui/work/*\n\n&gt; rm -rf $EGO_TOP/gui/workarea/*\n\n**NOTE: **If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.\n\n4\\. Launch your browser and clear the browser cache.\n\n5\\. From the primary host, start the cluster and enable your applications:\n\n&gt; source profile.platform\n\n&gt; egosh ego start all\n\n&gt; soamcontrol app enable &lt;_appName_&gt;\n\nUninstalling on Linux Multicluster hosts\n\n1\\. Log on to each management host as the cluster administrator, stop services, and shut down the cluster:\n\n&gt; source profile.platform\n\n&gt; egosh service stop all\n\n&gt; egosh ego shutdown all\n\n2\\. Restore your backup to the $EGO_TOP/jre/&lt;_EGO_version_&gt;/linux-x86_64/ folder. For example, in Platform Symphony 7.1.1 Multicluster, restore your backup to the $EGO_TOP/jre/3.3/linux-x86_64/ folder.\n\n3\\. Delete all subdirectories and files in the GUI work directory:\n\n&gt; rm -rf $EGO_TOP/gui/work/*\n\n&gt; rm -rf $EGO_TOP/gui/workarea/*\n\n**NOTE: **If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.\n\n4\\. Launch your browser and clear the browser cache.\n\n5\\. From the primary host, source the environment and start the cluster:\n\n&gt; source profile.platform\n\n&gt; egosh ego start all\n\nUninstalling on Linux Developer Edition hosts\n\n1\\. Log on to each Linux Developer Edition (DE) host as the administrator and stop the agent:\n\n&gt; source profile.platform\n\n&gt; soamshutdown\n\n2\\. Restore your backup to the $SOAM_HOME/jre/linux-x86_64/ folder. For example, in Platform Symphony DE 7.1.1, restore the JRE folder at $SOAM_HOME/jre/linux-x86_64/.\n\n3\\. Start the agent:\n\n&gt; soamstartup &amp;\n\nUninstalling on Windows Developer Edition hosts\n\n1\\. Log on to each Windows Developer Edition (DE) host as the administrator and stop the agent:\n\n&gt; soamshutdown\n\n2\\. Restore your backup to the %SOAM_HOME%\\jre folder. For example, in Platform Symphony DE 7.1.1, restore the JRE folder at %SOAM_HOME%\\jre.\n\n3\\. Start the agent:\n\n&gt; soamstartup\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-07-02T09:51:31", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2021-07-02T09:51:31", "id": "A671867F3CBB422EE62BE00E2D282D76AEA93D06B31D0A1F67C0D9916D0BE505", "href": "https://www.ibm.com/support/pages/node/795774", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-22T01:48:13", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8.0.5.16 used by IBM Security SiteProtector System. IBM Security SiteProtector System has addressed the applicable CVEs. \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2964](<https://vulners.com/cve/CVE-2018-2964>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146827> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected IBM Security SiteProtector System | Affected Versions \n---|--- \nIBM Security SiteProtector System | 3.0.0 \nIBM Security SiteProtector System | 3.1.1 \n \n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _Remediation/First Fix_ \n---|---|--- \nIBM Security SiteProtector System | 3.1.1.17 | \n\nApply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view:\n\nServicePack3_1_1_17.xpu \nConsole-Setup.exe \nIBM Security SiteProtector System | 3.0.0.20 | \n\nApply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view:\n\nServicePack3_0_0_20.xpu \nAgentManager_WINNT_XXX_ST_3_0_0_84.xpu \nRSEvntCol_WINNT_XXX_ST_3_0_0_17.xpu \nConsole-Setup.exe \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-06T03:35:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-12539", "CVE-2018-1656", "CVE-2018-2964", "CVE-2018-2973"], "modified": "2018-12-06T03:35:02", "id": "6CDA9CBBD4E668C70A53BD4F7D7CDE00CF73C49E1D8C5300C858682BFBB02BCB", "href": "https://www.ibm.com/support/pages/node/742369", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-22T01:46:59", "description": "## Summary\n\nThere are several vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThe following components of IBM Tivoli Monitoring (ITM) are affected by this bulletin: \n \n-Java (CANDLEHOME) ITM 6.2.3 Fix Pack 1 (JRE 1.6) through 6.3.0 Fix Pack 7 (JRE 7) (CVE-2018-3139 only) \n-Java (Tivoli Enterprise Portal client browser or webstart) ITM 6.2.3 Fix pack 1 through 6.3.0 Fix Pack 7 (All CVE's listed, CVE-2018-3169 ITM 6.3.0 only) \n\n\n## Remediation/Fixes\n\n**_Java (TEP) Remediation:_** \nThese vulnerabilities exist where the affected Java Runtime Environment (JRE) is installed on systems running the Tivoli Enterprise Portal Browser client or Java WebStart client. The affected JRE is installed on a system when logging into the IBM Tivoli Enterprise Portal using the Browser client or WebStart client and a JRE at the required level does not exist. The portal provides an option to download the provided JRE to the system. \n \nThis fix below provides updated JRE packages for the portal server which can be downloaded by new client systems. Once the fix has been installed on the portal server, instructions in the README can be used to download the updated JRE from the portal to the portal clients.\n\n## Fix\n\n| \n\n## VRMF\n\n| \n\n## How to acquire fix \n \n---|---|--- \n6.X.X-TIV-ITM_JRE_TEP-20190205 | 6.2.3 FP1 through 6.3.0 FP7 | <http://www.ibm.com/support/docview.wss?uid=ibm10870554> \n \n**_Java (CANDLEHOME) Remediation:_** \nThe patch below should be installed which will update the shared Tivoli Enterprise-supplied JRE (jr component on UNIX/Linux) or Embedded JVM (JVM component on Windows).\n\n## Fix\n\n| \n\n## VRMF\n\n| \n\n## How to acquire fix \n \n---|---|--- \n6.X.X-TIV-ITM_JRE_CANDLEHOME-20190205 | 6.2.3 through 6.3.0 FP7 | <http://www.ibm.com/support/docview.wss?uid=ibm10870418> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-02-07T20:15:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3214"], "modified": "2019-02-07T20:15:01", "id": "E225A3BCBC25004797E7534D985A248393CAA8A86180ED2ACE900CE1374465F7", "href": "https://www.ibm.com/support/pages/node/796308", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-22T01:47:23", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae SDK Java\u2122 Technology Edition, Versions 7 and 8 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThe following products, running on all supported platforms, are affected: \nIBM InfoSphere Information Server: versions 11.3, 11.5, and 11.7 \nIBM InfoSphere Information Server on Cloud: versions 11.5, and 11.7\n\n## Remediation/Fixes\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_APAR_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|---|--- \n \nInfoSphere Information Server, Information Server on Cloud\n\n| \n\n11.7\n\n| \n\n[JR60346](<http://www.ibm.com/support/docview.wss?uid=swg1JR60346>)\n\n| \n\n\\--Follow instructions in the [README](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is117_JR60346_ISF_services_engine_*>) \n \nInfoSphere Information Server, Information Server on Cloud\n\n| \n\n11.5\n\n| \n\n[JR60346](<http://www.ibm.com/support/docview.wss?uid=swg1JR60346>)\n\n| \n\n\\--Follow instructions in the [README](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is115_JR60346_ISF_services_engine_*>) \n \nInfoSphere Information Server\n\n| \n\n11.3\n\n| \n\n[JR60346](<http://www.ibm.com/support/docview.wss?uid=swg1JR60346>)\n\n| \n\n\\--Follow instructions in the [README](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is113_JR60346_ISF_services_engine_*>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-01-11T18:25:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183", "CVE-2018-3214"], "modified": "2019-01-11T18:25:01", "id": "DB5888B374B195EA64AE86FFE011CAB511B57D364F834B0C07ED31BCE457A156", "href": "https://www.ibm.com/support/pages/node/791921", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:47:06", "description": "## Summary\n\nThere is a vulnerability in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, that is used by IBM SONAS. IBM SONAS has addressed the applicable CVEs.\n\n## Vulnerability Details\n\nIBM SONAS is shipped with Java. Java is required for SONAS administration, for executing SONAS specific commands on the command line, and providing similar functionality using GUI.\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM SONAS \nThe product is affected when running a code releases 1.5.0.0 to 1.5.2.10\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SONAS to the following code level or higher: \n \n1.5.2.11 \n \nPlease contact IBM support for assistance in upgrading your system.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-05-02T07:55:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SONAS", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183"], "modified": "2019-05-02T07:55:01", "id": "9DA73CC5147E701B533652A0068B4E2BFE81B34DBA8031F8DAC5CABDC89C081A", "href": "https://www.ibm.com/support/pages/node/871308", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:47:18", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in Oct 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \nThe product is affected when running supported code releases 1.6.0.0 to 1.6.2.5. The product running unsupported code releases 1.5 or earlier are also affected.\n\n## Remediation/Fixes\n\nA fix for these issues is in version v1.6.2.6 of IBM Storwize V7000 Unified. Customers running an affected version of IBM Storwize V7000 Unified should upgrade to 1.6.2.6 or a later version.\n\n[Latest Storwize V7000 Unified Software](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>)\n\nSystems running an unsupported version (v1.5 or earlier) should be upgraded to the current release containing the security fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-04-26T17:45:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183"], "modified": "2019-04-26T17:45:01", "id": "5347490F621C5EAA77F15FC3D54C4A9B3158BC42BF189B875757746B1767EE06", "href": "https://www.ibm.com/support/pages/node/872558", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:41:17", "description": "## Summary\n\nTXSeries for Multiplatforms has addressed the following vulnerabilities : CVE-2018-1426, CVE-2018-1427, CVE-2018-1428, CVE-2017-3736, CVE-2017-3732, CVE-2016-0705\n\n## Vulnerability Details\n\n \n**CVEID:**[_CVE-2018-1426_](<https://vulners.com/cve/CVE-2018-1426>)** \nDESCRIPTION:**IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See[_https://exchange.xforce.ibmcloud.com/vulnerabilities/139071_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139071>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID:**[_CVE-2018-1427_](<https://vulners.com/cve/CVE-2018-1427>) \n**DESCRIPTION:**IBM GSKit contains several environment variables that a local attacker could overflow and cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See[_https://exchange.xforce.ibmcloud.com/vulnerabilities/139072_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139072>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID:**[_CVE-2018-1428_](<https://vulners.com/cve/CVE-2018-1428>)** \nDESCRIPTION:**IBM GSKit uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See[_https://exchange.xforce.ibmcloud.com/vulnerabilities/139073_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139073>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:**[_CVE-2017-3736_](<https://vulners.com/cve/CVE-2017-3736>)** \nDESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See[_https://exchange.xforce.ibmcloud.com/vulnerabilities/134397_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/134397>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:**[_CVE-2017-3732_](<https://vulners.com/cve/CVE-2017-3732>)** \nDESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See[_https://exchange.xforce.ibmcloud.com/vulnerabilities/121313_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:**[_CVE-2016-0705_](<https://vulners.com/cve/CVE-2016-0705>)** \nDESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See[_https://exchange.xforce.ibmcloud.com/vulnerabilities/111140_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111140>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n\n## Affected Products and Versions\n\n**Aff****ected TXSeries for Multiplatforms**\n\n| **Affected Versions** \n---|--- \nTXSeries for Multiplatforms | 9.1 \nTXSeries for Multiplatforms | 8.2 \nTXSeries for Multiplatforms | 8.1 \nTXSeries for Multiplatforms | 7.1 \n \n## Remediation/Fixes\n\n**Product**\n\n| VRMF| APAR| Remediation / First Fix \n---|---|---|--- \nTXSeries for Multiplatforms| 9.1.| The updated GSkit have been made available on FixCentral as a special fix \n \nFixID : TXSeriesV91-SpecialFix_GSKit| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EOther%20software&amp;product=ibm/WebSphere/TXSeries+for+Multiplatforms&amp;release=9.1.0.0&amp;platform=All&amp;function=fixId&amp;fixids=TXSeriesV91-SpecialFix_GSKit&amp;includeSupersedes=0&amp;source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EOther%20software&product=ibm/WebSphere/TXSeries+for+Multiplatforms&release=9.1.0.0&platform=All&function=fixId&fixids=TXSeriesV91-SpecialFix_GSKit&includeSupersedes=0&source=fc>) \nTXSeries for Multiplatforms| 8.2| The updated GSkit have been made available on FixCentral as FixPacks \nAIX : \n8.2.0.2-TXSeries-AIX-FixPack2 \n \nLinux x86 : 8.2.0.2-TXSeries-Linux-FixPack2 \n \nWindows : 8.2.0.2-TXSeries-WINDOWS-FixPack2 \n \nHPUX-IA64 : 8.2.0.2-TXSeries-HPUX-IA64-FixPack2| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EOther%20software&amp;product=ibm/WebSphere/TXSeries+for+Multiplatforms&amp;release=8.2.0.2&amp;platform=All&amp;function=all&amp;source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EOther%20software&product=ibm/WebSphere/TXSeries+for+Multiplatforms&release=8.2.0.2&platform=All&function=all&source=fc>) \nTXSeries for Multiplatforms| 8.1| The updated GSkit have been made available on FixCentral as a special fix \n \nFixID :TXSeriesV81-SpecialFix_GSKit| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EOther%20software&amp;product=ibm/WebSphere/TXSeries+for+Multiplatforms&amp;release=8.1.0.0&amp;platform=All&amp;function=fixId&amp;fixids=TXSeriesV81-SpecialFix_GSKit&amp;includeSupersedes=0&amp;source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EOther%20software&product=ibm/WebSphere/TXSeries+for+Multiplatforms&release=8.1.0.0&platform=All&function=fixId&fixids=TXSeriesV81-SpecialFix_GSKit&includeSupersedes=0&source=fc>) \nTXSeries for Multiplatforms| 7.1| The updated GSkit have been made available on FixCentral as a special fix \n \nFixID :TXSeriesV71-SpecialFix_GSKit| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EOther%20software&amp;product=ibm/WebSphere/TXSeries+for+Multiplatforms&amp;release=7.1.0.6&amp;platform=All&amp;function=fixId&amp;fixids=TXSeriesV71-SpecialFix_GSKit&amp;includeSupersedes=0&amp;source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EOther%20software&product=ibm/WebSphere/TXSeries+for+Multiplatforms&release=7.1.0.6&platform=All&function=fixId&fixids=TXSeriesV71-SpecialFix_GSKit&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nnone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: TXSeries for Multiplatforms is affected by multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-1426", "CVE-2018-1427", "CVE-2018-1428"], "modified": "2018-08-03T04:23:43", "id": "5711509DD871227FC9F7CD530DA0E06F21DDA1D522E7B1C76AC95D3AD5F6BC07", "href": "https://www.ibm.com/support/pages/node/571623", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:49:30", "description": "## Summary\n\nGSKit is an IBM component that is used by IBM Personal Communications. GSKit that is shipped with IBM Personal Communications contains multiple security vulnerabilities. IBM Personal Communications has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-0705](<https://apac01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2016-0705&data=02%7C01%7Cmadhukar.b%40hcl.com%7C0100f1e398944979e87808d5e66dba3e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636668281317464102&sdata=2tIz5ha0DGBXizlOjOHLzfTvoFvSvoAHvSk15VXrH4Y%3D&reserved=0>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/111140](<https://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2Fvulnerabilities%2F111140&data=02%7C01%7Cmadhukar.b%40hcl.com%7C0100f1e398944979e87808d5e66dba3e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636668281317474110&sdata=Da1cDeWj%2BFdlC9xIPo%2F37hluV4EmP3Smem3YvgCduzQ%3D&reserved=0>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n\n**CVEID:** [CVE-2017-3732](<https://apac01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2017-3732&data=02%7C01%7Cmadhukar.b%40hcl.com%7C0100f1e398944979e87808d5e66dba3e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636668281317484117&sdata=Ep6n2Dr77RNBPh8blWIhw1Ui0OK7aenDQPmEpgAWrzM%3D&reserved=0>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/121313](<https://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2Fvulnerabilities%2F121313&data=02%7C01%7Cmadhukar.b%40hcl.com%7C0100f1e398944979e87808d5e66dba3e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636668281317484117&sdata=KVBWjO6EXAx6SOBkBREoge1CIpo6uH3y%2BJadCTdo1gU%3D&reserved=0>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n\n**CVEID:** [CVE-2017-3736](<https://apac01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2017-3736&data=02%7C01%7Cmadhukar.b%40hcl.com%7C0100f1e398944979e87808d5e66dba3e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636668281317494125&sdata=sJGB0T%2Bow4PkojoUUhApFy75JxiNo47WBbdCBXgsreQ%3D&reserved=0>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/134397](<https://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2Fvulnerabilities%2F134397&data=02%7C01%7Cmadhukar.b%40hcl.com%7C0100f1e398944979e87808d5e66dba3e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636668281317504133&sdata=8fbkZSvpyUho6MA5UCm17btdpFbuwA%2F%2Fl4kCwX6gRNY%3D&reserved=0>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n\n**CVEID:** [CVE-2018-1428](<https://apac01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-1428&data=02%7C01%7Cmadhukar.b%40hcl.com%7C0100f1e398944979e87808d5e66dba3e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636668281317504133&sdata=lqDf4xXWIU6dkmXpwbMgWhFcI6E7CXcWhRW8XFhMyps%3D&reserved=0>) \n**DESCRIPTION:** IBM GSKit uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/139073](<https://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2Fvulnerabilities%2F139073&data=02%7C01%7Cmadhukar.b%40hcl.com%7C0100f1e398944979e87808d5e66dba3e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636668281317514137&sdata=MT3SuUdAPUzd%2F5tmnmnF5DvNuheFXSoCabw8QlgycCA%3D&reserved=0>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n\n**CVEID:** [CVE-2018-1427](<https://apac01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-1427&data=02%7C01%7Cmadhukar.b%40hcl.com%7C0100f1e398944979e87808d5e66dba3e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636668281317524144&sdata=ak4M0Oq1K29x5ExXFriXrUoFpyMPSqp9p2PxkZOjOn4%3D&reserved=0>) \n**DESCRIPTION:** IBM GSKit contains several enviornment variables that a local attacker could overflow and cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/139072](<https://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2Fvulnerabilities%2F139072&data=02%7C01%7Cmadhukar.b%40hcl.com%7C0100f1e398944979e87808d5e66dba3e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636668281317524144&sdata=IKNm9fqBEGjfbwzN6lHUXrQ7cT5IF%2BD48XL8SGHEWt0%3D&reserved=0>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n\n**CVEID:** [CVE-2018-1426](<https://apac01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-1426&data=02%7C01%7Cmadhukar.b%40hcl.com%7C0100f1e398944979e87808d5e66dba3e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636668281317534156&sdata=yQmxysYR0gNWeuLE%2FxyKtq3UMSkFrGIg8myg63%2Fl95E%3D&reserved=0>) \n**DESCRIPTION:** IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/139071](<https://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2Fvulnerabilities%2F139071&data=02%7C01%7Cmadhukar.b%40hcl.com%7C0100f1e398944979e87808d5e66dba3e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636668281317534156&sdata=m%2BryQA4GqSjlZT3rcPEp83DhJ55yiEJ%2B0bjUze9LHXQ%3D&reserved=0>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nIBM Personal Communications 12.0, 12.0.0.1, 12.0.1, 12.0.2, 12.0.3\n\n## Remediation/Fixes\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_Remediation_ \n \n---|---|--- \n \nIBM Personal Communications\n\n| \n\n12.0\n\n| \n\n[Upgrade to Personal Communications 12.0.4](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Personal+Communications&release=12.0.4&platform=Windows&function=all>) \n \nIBM Personal Communications\n\n| \n\n12.0.0.1\n\n| \n\n[Upgrade to Personal Communications 12.0.4](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Personal+Communications&release=12.0.4&platform=Windows&function=all>) \n \nIBM Personal Communications\n\n| \n\n12.0.1.0\n\n| \n\n[Upgrade to Personal Communications 12.0.4](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Personal+Communications&release=12.0.4&platform=Windows&function=all>) \n \nIBM Personal Communications\n\n| \n\n12.0.2.0\n\n| \n\n[Upgrade to Personal Communications 12.0.4](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Personal+Communications&release=12.0.4&platform=Windows&function=all>) \n \nIBM Personal Communications\n\n| \n\n12.0.3.0\n\n| \n\n[Upgrade to Personal Communications 12.0.4](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Personal+Communications&release=12.0.4&platform=Windows&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-30T17:22:28", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM GSKit affect IBM Personal Communications", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-1426", "CVE-2018-1427", "CVE-2018-1428"], "modified": "2018-07-30T17:22:28", "id": "2614071BF8D5B0482694D82BE1651280FCE95089D3BF507FE1CD1ED3591D2446", "href": "https://www.ibm.com/support/pages/node/717437", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:48:27", "description": "## Summary\n\nGSKit is shipped with IBM Tivoli Network Manager IP Edition. Information about security vulnerabilities affecting GSKit has been published here. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n \n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n \n**CVEID: **[CVE-2018-1428](<https://vulners.com/cve/CVE-2018-1428>) \n**DESCRIPTION: **IBM GSKit uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139073> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n \n**CVEID:** [CVE-2018-1427](<https://vulners.com/cve/CVE-2018-1427>) \n**DESCRIPTION:** IBM GSKit contains several environment variables that a local attacker could overflow and cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139072> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n**CVEID:** [CVE-2018-1426](<https://vulners.com/cve/CVE-2018-1426>) \n**DESCRIPTION:** IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139071> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nIBM Tivoli Network Manager IP Edition 3.9, 4.1.1 and 4.2\n\n## Remediation/Fixes\n\n**Principal Product and Version(s)** | **Remediation/Fix** \n---|--- \nIBM Tivoli Network Manager IP Edition 3.9 | \n\n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Network+Manager+IP+Edition&amp;fixids=IJ08382.PlatformAll.3.9.0.132&amp;source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Network+Manager+IP+Edition&fixids=IJ08382.PlatformAll.3.9.0.132&source=SAR>) \n \nIBM Tivoli Network Manager IP Edition 4.1.1 | \n\n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Network+Manager+IP+Edition&amp;fixids=IJ08382.Linux.4.1.1.49&amp;source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Network+Manager+IP+Edition&fixids=IJ08382.Linux.4.1.1.49&source=SAR>) \n \nIBM Tivoli Network Manager IP Edition 4.2 | [ITNM 4.2 FP005 on Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Tivoli+Network+Manager+IP+Edition&release=4.2.0.4&platform=All&function=all>) \n \n \n**Please also note the** ** ** [**end of support announcement**](<http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/8/897/ENUS917-138/index.html&lang=en&request_locale=en>) ** ** **from 12 September 2017 for selected Netcool product versions. You can find detailed information on whether the product version you have installed in your environment is affected by this end of service announcement by following the ** [**Netcool End of Support Knowledge Collection.**](<https://www-01.ibm.com/support/entdocview.wss?uid=swg22009231>) ** ** **If your product version is affected, IBM recommend to upgrade your product version to the latest supported version of your product. Please contact your IBM account manager for any question you might have or for any assistance you may require for upgrading an end of service announced offering.**\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-14T16:21:16", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in GSKit, which is shipped with IBM Tivoli Network Manager IP Edition.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-1426", "CVE-2018-1427", "CVE-2018-1428"], "modified": "2018-08-14T16:21:16", "id": "CC714D6CB93526CA67C3B1AF953783F7648CF4A4936616886992C0290C5D5B18", "href": "https://www.ibm.com/support/pages/node/720265", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:45:38", "description": "## Summary\n\nIBM Security Privileged Identity Manager has addressed the following vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1428](<https://vulners.com/cve/CVE-2018-1428>) \n**DESCRIPTION:** IBM GSKit uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139073> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1427](<https://vulners.com/cve/CVE-2018-1427>) \n**DESCRIPTION:** IBM GSKit contains several enviornment variables that a local attacker could overflow and cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139072> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1426](<https://vulners.com/cve/CVE-2018-1426>) \n**DESCRIPTION:** IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139071> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nProduct | VRMF \n---|--- \nIBM Security Privileged Identity Manager | 2.1.0 - 2.1.0.7 \nIBM Security Privileged Identity Manager | 2.0.2 - 2.0.2.10 \n \n## Remediation/Fixes\n\n**Product** | **VRMF** | **Remediation** \n---|---|--- \nIBM Security Privileged Identity Manager | 2.1.0 - 2.1.0.7 | [_2.1.0-ISS-ISPIM-VA-FP0008 _](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?fixids=2.1.0-ISS-ISPIM-VA-FP0008&mhq=2.1.0-ISS-ISPIM-VA-FP0008&mhsrc=ibmsearch_a&product=ibm%2FTivoli%2FIBM%20Security%20Privileged%20Identity%20Manager&source=dbluesearch&function=fixId&parent=IBM%20Security>) \nIBM Security Privileged Identity Manager | 2.0.2 - 2.0.2.10 | [_2.0.2-ISS-ISPIM-VA-FP0011_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.0.2&platform=Linux&function=fixId&fixids=2.0.2-ISS-ISPIM-VA-FP0011&includeRequisites=1&includeSup&login=true>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-02T02:10:01", "type": "ibm", "title": "Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-1426", "CVE-2018-1427", "CVE-2018-1428"], "modified": "2019-07-02T02:10:01", "id": "0E703A42B01F9DF3E0FEC04EEA4F7733F5A313C86865501C0F8A79378E425C34", "href": "https://www.ibm.com/support/pages/node/871366", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:03:02", "description": "## Summary\n\nGSKit is an IBM component that is used by Host On-Demand. GSKit that is shipped with Host On-Demand contains multiple security vulnerabilities .Host On-Demand has addressed the applicable CVEs. \n\n## Vulnerability Details\n\n**CVEID:**[CVE-2018-1426](<https://apac01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-1426&data=02%7C01%7Cbohra.d%40hcl.com%7C31a6b9cf7d1245a3437108d58b6e8972%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636568229252985383&sdata=M5qIAIZRv2pwFj4070mAqPKwBYv5Bp9VtctmJnCT4WI%3D&reserved=0>) \n**DESCRIPTION:**IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See[https://exchange.xforce.ibmcloud.com/vulnerabilities/139071](<https://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2Fvulnerabilities%2F139071&data=02%7C01%7Cbohra.d%40hcl.com%7C31a6b9cf7d1245a3437108d58b6e8972%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636568229252985383&sdata=gPpF21vx%2B1dcHum0GrEhHWKdNKwzOiAkonlrXlLz9bU%3D&reserved=0>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:**[CVE-2018-1427](<https://apac01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-1427&data=02%7C01%7Cbohra.d%40hcl.com%7C31a6b9cf7d1245a3437108d58b6e8972%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636568229252985383&sdata=QC7ESqmyHvgI5ow8l6ZxreJZylEikfBAvbni3NbXhNo%3D&reserved=0>) \n**DESCRIPTION:**IBM GSKit contains several environment variables that a local attacker could overflow and cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See[https://exchange.xforce.ibmcloud.com/vulnerabilities/139072](<https://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2Fvulnerabilities%2F139072&data=02%7C01%7Cbohra.d%40hcl.com%7C31a6b9cf7d1245a3437108d58b6e8972%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636568229252985383&sdata=IJsptD8OiwisaEdw78jCGaMlASeDAKjjamr24c8rq2U%3D&reserved=0>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:**[CVE-2018-1428](<https://apac01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2018-1428&data=02%7C01%7Cbohra.d%40hcl.com%7C31a6b9cf7d1245a3437108d58b6e8972%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636568229252985383&sdata=CdBNWfAS3cJbT5Td72wTBP1LgwUj9Nok%2FUmprLP2DsU%3D&reserved=0>) \n**DESCRIPTION:**IBM GSKit uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See[https://exchange.xforce.ibmcloud.com/vulnerabilities/139073](<https://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2Fvulnerabilities%2F139073&data=02%7C01%7Cbohra.d%40hcl.com%7C31a6b9cf7d1245a3437108d58b6e8972%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636568229252985383&sdata=Ww6SrhAO8kTTKTgAuU8SA9OO6UfEYFcRrHPtNQPA1bc%3D&reserved=0>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:**[CVE-2017-3736](<https://apac01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2017-3736&data=02%7C01%7Cbohra.d%40hcl.com%7C31a6b9cf7d1245a3437108d58b6e8972%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636568229252985383&sdata=oBEwXm%2B9EjdT6LXbWoTv05s4DUQ%2FowzLWM96LrtT13g%3D&reserved=0>) \n**DESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See[https://exchange.xforce.ibmcloud.com/vulnerabilities/134397](<https://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2Fvulnerabilities%2F134397&data=02%7C01%7Cbohra.d%40hcl.com%7C31a6b9cf7d1245a3437108d58b6e8972%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636568229252985383&sdata=0gTXmKqt6zahWePHxfbd3a4%2FzIDj3l1z%2BkZCDNCtH20%3D&reserved=0>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:**[CVE-2017-3732](<https://apac01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2017-3732&data=02%7C01%7Cbohra.d%40hcl.com%7C31a6b9cf7d1245a3437108d58b6e8972%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636568229252985383&sdata=SZXzDnI1%2F7dryeBhWtbvV9gEHETaiGomULG8RgxFLVM%3D&reserved=0>) \n**DESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See[https://exchange.xforce.ibmcloud.com/vulnerabilities/121313](<https://apac01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexchange.xforce.ibmcloud.com%2Fvulnerabilities%2F121313&data=02%7C01%7Cbohra.d%40hcl.com%7C31a6b9cf7d1245a3437108d58b6e8972%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C636568229252985383&sdata=R%2BOjm%2FxWj06jo24qUVvF0mZfZFW0GrA5yT4CXh9%2FqGo%3D&reserved=0>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:**[CVE-2016-0705](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705>) \n**DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\n\n## Affected Products and Versions\n\nHost On-Demand 13.0 \n\nHost On-Demand 12.0, 12.0.0.1, 12.0.1, 12.0.2, 12.0.3\n\n## Remediation/Fixes\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_Remediation_ \n \n---|---|--- \n \nHost On-Demand\n\n| \n\n12.0\n\n| \n\n[Upgrade to Host On-Demand 12.0.4](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Host+On-Demand&release=12.0.4&platform=All&function=all>) \n \nHost On-Demand\n\n| \n\n12.0.0.1\n\n| \n\n[Upgrade to Host On-Demand 12.0.4](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Host+On-Demand&release=12.0.4&platform=All&function=all>) \n \nHost On-Demand\n\n| \n\n12.0.1\n\n| \n\n[Upgrade to Host On-Demand 12.0.4](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Host+On-Demand&release=12.0.4&platform=All&function=all>) \n \nHost On-Demand\n\n| \n\n12.0.2\n\n| \n\n[Upgrade to Host On-Demand 12.0.4](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Host+On-Demand&release=12.0.4&platform=All&function=all>) \n \nHost On-Demand\n\n| \n\n12.0.3\n\n| \n\n[Upgrade to Host On-Demand 12.0.4](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Host+On-Demand&release=12.0.4&platform=All&function=all>) \n \nHost On-Demand\n\n| \n\n13.0\n\n| \n\n[Upgrade to Host On-Demand 13.0.1](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+Host+On-Demand&release=13.0.1&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n13 July 2018: Original version published \n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SSS9FA\",\"label\":\"IBM Host On-Demand\"},\"Component\":\"GSKit\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"12.0.0;12.0.0.1;12.0.1;12.0.2;12.0.3;13.0.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB35\",\"label\":\"Mainframe SW\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-01T16:04:04", "type": "ibm", "title": "Security Bulletin : Multiple vulnerabilities in\u00a0IBM GSKit affect\u00a0IBM Host On-Demand.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-1426", "CVE-2018-1427", "CVE-2018-1428"], "modified": "2018-08-01T16:04:04", "id": "BC7F561FAB80D5D0A48021AB45201595C02030C9CECEBEB548DFB50B6376384A", "href": "https://www.ibm.com/support/pages/node/716977", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:39:12", "description": "## Summary\n\nIBM Informix Client SDK has addressed the issues reported for the following GSKIT vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1426](<https://vulners.com/cve/CVE-2018-1426>) \n**DESCRIPTION:** IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139071> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-1427](<https://vulners.com/cve/CVE-2018-1427>) \n**DESCRIPTION:** IBM GSKit contains several enviornment variables that a local attacker could overflow and cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139072> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1428](<https://vulners.com/cve/CVE-2018-1428>) \n**DESCRIPTION:** IBM GSKit uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139073> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected IBM Informix Dynamic Server**\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Informix Client Software Development Kit | 4.10.xC1 through 4.10.xC12 \n \n## Remediation/Fixes\n\nUpgrade to 4.10.xC13\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**Remediation / First Fix** \n \n---|---|--- \nIBM Informix Client Software Development Kit | \n\n4.10.xC13\n\n| \n\n[Fix Central](<https://www-945.ibm.com/support/fixcentral>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-07T15:25:06", "type": "ibm", "title": "Security Bulletin: IBM Informix Client SDK is affected by GSKIT vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-1426", "CVE-2018-1427", "CVE-2018-1428"], "modified": "2020-12-07T15:25:06", "id": "EFC96C84FC6627E09277E1FB61859CD2CA1859DFD91107C5D299A533D68503BF", "href": "https://www.ibm.com/support/pages/node/964993", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:43:58", "description": "## Summary\n\nVulnerabilities in IBM GSKit and IBM GSKit-Crypto affect IBM Performance Management products.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See[ https://exchange.xforce.ibmcloud.com/vulnerabilities/121313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [CVE-2018-1426](<https://vulners.com/cve/CVE-2018-1426>)** \nDESCRIPTION:** IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139071> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID:** [CVE-2018-1427](<https://vulners.com/cve/CVE-2018-1427>)** \nDESCRIPTION:** IBM GSKit contains several enviornment variables that a local attacker could overflow and cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139072> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID:** [CVE-2018-1428](<https://vulners.com/cve/CVE-2018-1428>)** \nDESCRIPTION:** IBM GSKit uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139073> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Monitoring 8.1.3 \nIBM Advanced Diagnostics 8.1.3 \nIBM Application Performance Management 8.1.3 \nIBM Application Performance Management Advanced 8.1.3 \nIBM Application Performance Management, Base Private 8.1.4 \nIBM Application Performance Management, Advanced Private 8.1.4\n\n## Remediation/Fixes\n\n_Product_\n\n| _Product_ \n_VRMF_| _Remediation_ \n---|---|--- \nIBM Monitoring \n\nIBM Application Diagnostics\n\nIBM Application Performance Management\n\nIBM Application Performance Management Advanced\n\n| _8.1.3_ \n \n_ _ \n_ _| The vulnerabilities can be remediated by applying the following 8.1.3.0-IBM-IPM-SERVER-IF0012 server patch to the system where the Performance Management server is installed: [http://www-01.ibm.com/support/docview.wss?rs=0&amp;uid=isg400003854](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003854>) \nIBM Cloud Application Performance Management Base Private \n\nIBM Cloud Application Performance Management Advanced Private\n\n| _8.1.4_| The vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0004 server patch to the system where the Cloud APM server is installed: [http://www-01.ibm.com/support/docview.wss?rs=0&amp;uid=isg400003783](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003783>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:51:29", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM GSKit and IBM GSKit-Crypto affect IBM Performance Management products", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-1426", "CVE-2018-1427", "CVE-2018-1428"], "modified": "2018-06-17T15:51:29", "id": "F90FD904FE2AD66DEF4FDDFD5D99DDE1F5E9A79893EE2F3ADB1619E2F648B6FC", "href": "https://www.ibm.com/support/pages/node/570497", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:02:38", "description": "## Summary\n\nIBM Algo One Core has addressed the following vulnerabilities: CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1428, CVE-2018-1427, and CVE-2018-1426.\n\n## Vulnerability Details\n\n**Relevant CVE Information:**\n\n**CVEID:** [_CVE-2016-0705_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111140_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111140>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2017-3732_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121313_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121313>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2017-3736_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/134397_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/134397>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-1428_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1428>)** \nDESCRIPTION:** IBM GSKit uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/139073_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139073>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-1427_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1427>)** \nDESCRIPTION:** IBM GSKit contains several enviornment variables that a local attacker could overflow and cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/139072_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139072>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2018-1426_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1426>)** \nDESCRIPTION:** IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/139071_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139071>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nIBM Algo One Core 5.0.0, 5.1.0\n\n## Remediation/Fixes\n\n**Product Name**\n\n| **iFix Name**| **Remediation/First Fix** \n---|---|--- \nIBM Algo One Core| 510-371| [Fix Central Download](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.1.0.0-Algo-One-AlgoCore-if0371:0&includeSupersedes=0&source=fc&login=true>) \nIBM Algo One Core| 500-403| [Fix Central Download](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.0-Algo-One-AlgoCore-if0403:0&includeSupersedes=0&source=fc&login=true>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSHKAP\",\"label\":\"Algo One\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Algo Core\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"5.1.0;5.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-22T01:40:32", "type": "ibm", "title": "Security Bulletin: Algo One Core is affected by GSKit vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-1426", "CVE-2018-1427", "CVE-2018-1428"], "modified": "2018-06-22T01:40:32", "id": "9872D764206750F6FD9C7F555D6B4C23926B755B4AE368CDD8485546CDEBC462", "href": "https://www.ibm.com/support/pages/node/711803", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:45:48", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 and 8 that is used by IBM Operational Decision Manager (ODM). These issues were disclosed as part of the IBM Java SDK updates in July 2018 \n \n\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Embedded JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n * IBM Operational Decision Manager v8.5\n * IBM Operational Decision Manager v8.6\n * IBM Operational Decision Manager v8.7\n * IBM Operational Decision Manager v8.8\n * IBM Operational Decision Manager v8.9\n\n## Remediation/Fixes\n\nIBM recommends upgrading to a fixed, supported version/release/platform of the product:\n\n * IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 30 and subsequent releases\n * IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 20 and subsequent releases\n\n \nSelect the following interim fix to upgrade your JDK based on your version of the product and operating system:\n\nIBM Operational Decision Manager v8.5: \nIBM Operational Decision Manager v8.6: \nIBM Operational Decision Manager v8.7: \nIBM Operational Decision Manager v8.8: \nInterim fix for APAR RS03231 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): \n**8.5.0.0-WS-ODM_JDK7-&lt;OS&gt;-****IF002** \n \nIBM Operational Decision Manager v8.8: \nIBM Operational Decision Manager v8.9: \nInterim fix for APAR RS03231 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): \n**8.8.0.0-WS-ODM_JDK8-&lt;OS&gt;-****IF002** \n \n \nFor IBM WebSphere Operational Decision Management v7.1, v7.5, v8.0, v8.5 IBM recommends upgrading to a fixed supported version.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-16T14:35:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae SDK, Java\u2122 Technology Edition affect IBM Operational Decision Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-12539", "CVE-2018-1656", "CVE-2018-2973"], "modified": "2018-11-16T14:35:01", "id": "3165A2AA157F1B9BD1D78DE6275BFF661B98BF29C82399B7216463D7581B8060", "href": "https://www.ibm.com/support/pages/node/740447", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:47:49", "description": "## Summary\n\nMultiple vulnerabilities in the Oracle Java SE and the Java SE Embedded impact the IBM SDK, Java Technology Edition.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-13785](<https://vulners.com/cve/CVE-2018-13785>) \n**DESCRIPTION:** libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146015> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-3214](<https://vulners.com/cve/CVE-2018-3214>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cloud Application Performance Management, Base Private \n \nIBM Cloud Application Performance Management, Advanced Private \n \nIBM Cloud Application Performance Management\n\n## Remediation/Fixes\n\n## \n\n_Product_\n\n| _Product \nVRMF_ | _Remediation_ \n---|---|--- \nIBM Cloud Application Performance Management, Base Private \n \nIBM Cloud Application Performance Management, Advanced Private | _8.1.4_ | The vulnerabilities can be remediated by applying the Core Framework interim fix 8.1.4.0-IBM-APM-CORE-FRAMEWORK-APM-IF0008 to all systems where Cloud APM agents are installed: \n[https://www-01.ibm.com/support/docview.wss?rs=0&amp;uid=isg400004242](<https://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400004242>) \nIBM Cloud Application Performance Management | _SaaS_ | \n\nAfter your subscription is upgraded to V8.1.4, the vulnerabilities can be remediated by either \n \na) downloading the Core Framework interim fix 8.1.4.0-IBM-APM-CORE-FRAMEWORK-APM-IF0008 to all systems where Cloud APM agents are installed and applying the fix by following the instructions at this link: \n[https://www-01.ibm.com/support/docview.wss?rs=0&amp;uid=isg400004242](<https://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400004242>) \n \nb) downloading the Cloud APM agent packages for the operating systems that your agents run on and using the downloaded packages to upgrade existing agents to use the updated Core Framework or to install new agents with the updated Core Framework. \n \nPlease refer to the link <https://www.ibm.com/support/knowledgecenter/SSMKFH/com.ibm.apmaas.doc/install/download_agents_intro.htm> for details \non downloading agent packages from IBM Marketplace \n \nPlease refer to the link <https://www.ibm.com/support/knowledgecenter/SSMKFH/com.ibm.apmaas.doc/install/install_agent_upgrade.htm> or details on upgrading existing agents. \n \nPlease refer to the link <https://www.ibm.com/support/knowledgecenter/SSMKFH/com.ibm.apmaas.doc/install/install_intro.htm> \nfor details on installing new agents. \n \nIBM Monitoring \nIBM Application Diagnostics \nIBM Application Performance Management \nIBM Application Performance Management Advanced | _8.1.3_ | \n\nThe vulnerabilities can be remediated by applying the Core Framework interim fix 8.1.3.0-IBM-IPM-CORE-FRAMEWORK-IPM-IF0009 to all systems where Performance Management agents are installed:\n\n<https://www-01.ibm.com/support/docview.wss?uid=ibm10879839> \n \n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-04-12T07:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13785", "CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3180", "CVE-2018-3214"], "modified": "2019-04-12T07:10:01", "id": "07D6258F5E18A9950A99EFA29106C783C2F3EBA165AF62708A646CF9882FAEC0", "href": "https://www.ibm.com/support/pages/node/880649", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:45:06", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 used by IBM Security Access Manager Appliance. IBM Security Access Manager Appliance has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2964](<https://vulners.com/cve/CVE-2018-2964>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146827> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2952](<https://vulners.com/cve/CVE-2018-2952>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146815> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2940](<https://vulners.com/cve/CVE-2018-2940>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146803> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2964](<https://vulners.com/cve/CVE-2018-2964>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146827> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2952](<https://vulners.com/cve/CVE-2018-2952>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146815> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2940](<https://vulners.com/cve/CVE-2018-2940>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146803> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1567](<https://vulners.com/cve/CVE-2018-1567>) \n**DESCRIPTION:** IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143024> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Security Access Manager Appliance 7.0.0.34 and below.\n\nIBM Security Access Manager Appliance 8.0.1.17 and below.\n\n## Remediation/Fixes\n\n**Product** | **VRMF** | **APAR** | **Remediation** \n---|---|---|--- \nIBM Security Access Manager for Web | 7.0 - 7.0.0.32 (appliance) | IJ10081 | Apply Interim Fix 35: \n[7.0.0-ISS-WGA-IF0035](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0.0&platform=All&function=all>) \nIBM Security Access Manager for Web | 8.0.0.0 - \n8.0.1.8 | IJ11038 | \n\n1\\. For versions prior to 8.0.1.8, upgrade to 8.0.1.8: \n[_8.0.1-ISS-WGA-FP0008_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.3&platform=All&function=all>)_ _\n\n2\\. Apply 8.0.1.8 IF1: \n[_8.0.1.8-ISS-WGA-IF0001_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.8&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-11T22:20:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Access Manager Appliance", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-12539", "CVE-2018-1517", "CVE-2018-1567", "CVE-2018-1656", "CVE-2018-2940", "CVE-2018-2952", "CVE-2018-2964", "CVE-2018-2973"], "modified": "2018-12-11T22:20:01", "id": "85C244F40F078C64D61F63F2C6CB1A6851B539CC7B4530BE8884CFAD733EEA2C", "href": "https://www.ibm.com/support/pages/node/740419", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:46:51", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition Version 7 that is used by IBM Cognos Planning. These issues were disclosed as part of the IBM Java SDK updates in July 2018. \n\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information.\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2952](<https://vulners.com/cve/CVE-2018-2952>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146815> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cognos Planning 10.2.1\n\nIBM Cognos Planning 10.2.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. As the fix is in a shared component across the IBM Cognos Business Intelligence portfolio, applying the Cognos Business Intelligence 10.2.2 Interim Fix will resolve the issue. \n\n\n| Version | Interim Fix \n---|---|--- \nIBM Cognos Planning | 10.2.1 | [IBM Cognos Business Intelligence 10.2.2 Interim Fix 21 (Implemented by file 10.2.6110.514)](<http://www.ibm.com/support/docview.wss?uid=ibm10743129>) \nIBM Cognos Planning | 10.2.0 | [IBM Cognos Business Intelligence 10.2.2 Interim Fix 21 (Implemented by file 10.2.6110.514)](<http://www.ibm.com/support/docview.wss?uid=ibm10743129>) \n \n## \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-07T15:55:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Planning", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-12539", "CVE-2018-1517", "CVE-2018-1656", "CVE-2018-2952", "CVE-2018-2973"], "modified": "2019-05-07T15:55:01", "id": "D70C0CFD2132EBB5AAF3CF53E301E73B5E5845FB7B0FC143B5DBE6CBAF3A884B", "href": "https://www.ibm.com/support/pages/node/882734", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:47:23", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 used by IBM Cognos Business Intelligence 10.2.2 and 10.2.1.1. IBM Cognos Business Intelligence has addressed the applicable CVEs. \n \nThese issues were disclosed as part of the IBM Java SDK updates in July 2018. \n \n \n \n\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information.\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2952](<https://vulners.com/cve/CVE-2018-2952>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146815> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cognos Business Intelligence Server 10.2.2 \nIBM Cognos Business Intelligence Server 10.2.1.1 \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical.\n\n * [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 24 (Implemented by file 10.2.5013.516)](<http://www.ibm.com/support/docview.wss?uid=ibm10743129>)\n * [IBM Cognos Business Intelligence 10.2.2 Interim Fix 21 (Implemented by file 10.2.6110.514)](<http://www.ibm.com/support/docview.wss?uid=ibm10743129>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-24T20:50:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Business Intelligence", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-12539", "CVE-2018-1517", "CVE-2018-1656", "CVE-2018-2952", "CVE-2018-2973"], "modified": "2019-04-24T20:50:01", "id": "EDB34CD93CDAF5921CF795AC72A6405C79962D06DE79535AF74133F2884DA4EB", "href": "https://www.ibm.com/support/pages/node/882292", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:47:17", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition Version 7 used by Rational Reporting for Development Intelligence (RRDI). The issues were disclosed as part of the IBM Java SDK updates in July 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2952](<https://vulners.com/cve/CVE-2018-2952>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146815> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRRDI 5.0, 5.0.1 and 5.0.2 | Cognos BI 10.2.1 Fix pack 2 \n \n## Remediation/Fixes\n\nApply the recommended fixes to all affected versions of RRDI. \n\n \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 24 (Implemented by file 10.2.5013.516)](<https://www-01.ibm.com/support/docview.wss?uid=ibm10743129>) . \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-29T15:20:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Reporting for Development Intelligence", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-12539", "CVE-2018-1517", "CVE-2018-1656", "CVE-2018-2952", "CVE-2018-2973"], "modified": "2019-04-29T15:20:01", "id": "98C2299E82C81E1CC3EFB8629E8262393014376C64F3F09018090397A1EA00AE", "href": "https://www.ibm.com/support/pages/node/882754", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-11T15:37:25", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java Technology Edition, Version 1.7 and 1.8 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM). These issues were disclosed as part of the IBM Java SDK updates in July 2018. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2952](<https://vulners.com/cve/CVE-2018-2952>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146815> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 5.0 - 6.0.6 \n \nRational Quality Manager 5.0 - 5.0.2 \nRational Quality Manager 6.0 - 6.0.6 \n \nRational Team Concert 5.0 - 5.0.2 \nRational Team Concert 6.0 - 6.0.6 \n \nRational DOORS Next Generation 5.0 - 5.0.2 \nRational DOORS Next Generation 6.0 - 6.0.6 \n \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \nRational Engineering Lifecycle Manager 6.0 - 6.0.6 \n \nRational Rhapsody Design Manager 5.0 - 5.0.2 \nRational Rhapsody Design Manager 6.0 - 6.0.6 \n \nRational Software Architect Design Manager 5.0 - 5.0.2 \nRational Software Architect Design Manager 6.0 - 6.0.1\n\n## Remediation/Fixes\n\n**IMPORTANT CONSIDERATIONS:**\n\n 1. If your product is deployed on WebSphere Application Server (WAS) and your deployment does not use an Eclipse based client nor the RM Browser plugin, then it is sufficient to continue using the existing version of your IBM Rational product, and only upgrade the JRE in the WAS server.\n 2. For the below remediations, if you have a WAS deployment, then WAS must also be remediated, in addition to performing your product upgrades. Follow instructions at [Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server July 2018 CPU](<https://www.ibm.com/support/docview.wss?uid=ibm10729349>) to get the WAS remediation.\n 3. If you are deploying the Rational products to a WAS Liberty or a Tomcat Server, you will need to follow the instructions below to upgrade the JRE, and then must also configure to complete the upgrade process:\n * **Stop the server**: Navigate to the Server directory in your Ratonal product installation path and run this script: _server.shutdown_\n * **Navigate to the server directory** in your Rational product installation path, open **_server.startup_**_ _script using prefered text editor (e.g., Notepad for Windows or Vim Editor for Linux) and add one more option to the healthcenter parameter set: \n * Search parameter _-Dcom.ibm.java.diagnostics.healthcenter.agent_ in server.startup script to find the line containing the health center parameter. \nNOTE: For some Rational Collaborative Lifecycle Management versions, _ -Dcom.ibm.java.diagnostics.healthcenter.agent_ parameter may not be found in the server.startup, in this case the update is not needed and you can start using your server. \n**Windows:** \nComment out the line (where HEALTHCENTER_OPTS parameter located) by inserting \"rem \" at the beginning of the line: \n**_Before modification:_** \n_set HEALTHCENTER_OPTS=-agentlib:healthcenter_ **_ ... \nAfter modification:_** \n_rem set HEALTHCENTER_OPTS=-agentlib:healthcenter ..._ \n**Linux:** \nComment out the line (where HEALTHCENTER_OPTS parameter located) by inserting \"# \" at the beginning of the line: \n**_Before modification:_** \n_export HEALTHCENTER_OPTS=\"-agentlib:healthcenter_ **_ ... \nAfter modification:_** \n_# export HEALTHCENTER_OPTS=\"-agentlib:healthcenter ..._\n * **Start the server**. Navigate to the Server directory in your Rational product installation path and run this script: _server.startup. _\n\n \n**STEPS TO APPLY THE REMEDIATION:** \n \n1\\. Optionally, upgrade your products to an Extended Maintenance Release version: 5.0.2 or 6.0.2. Or optionally, upgrade to the latest 6.0.x version. \n \n2\\. Optionally, apply the latest ifix for your installed version. \n \n3\\. Obtain the latest Java JRE CPU update for the IBM Java SDK using the following information.\n\n * For the 6.0.6 release: **JRE 7.1.4.30****_(&lt;product&gt;-JavaSE-JRE-7.1SR4FP30_**) or **JRE 8.0.5.20****_(&lt;product&gt;-JavaSE-JRE-8.0SR15FP20_**)\n * [_Rational Collaborative Lifecycle Management 6.0.6_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.6&platform=All&function=all>)\n * For the 6.0.2 release: **JRE 7.1.4._30_****_(&lt;product&gt;-JavaSE-JRE-7.1SR4FP30_**) \n * [_Rational Collaborative Lifecycle Management 6.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n * For the 5.x releases: \n * IBM SDK Java\u2122 Technology Edition, Version 6 is no longer supported on distributed platforms. IBM Collaborative Lifecycle Management (CLM) products version 5.x use Java 6 and are affected. IBM highly recommends customers to upgrade to Extended Maintenance Release 6.0.2 for those wishing the stability and support of an EMR release, or to the latest 6.0.x version for those desiring the latest features. For additional details review: _[Impact to CLM 5.x suite of products due to Java 6 EOS](<http://www.ibm.com/support/docview.wss?uid=swg22015069>)_\n\n4\\. Upgrade your JRE following the instructions in the link below: \n[_How to update the IBM SDK for Java of IBM Rational products based on version 3.0.1.6 or later of IBM's Jazz technology_](<http://www.ibm.com/support/docview.wss?uid=swg21674139>) \n \n5\\. Navigate to the server directory in your Rational product installation path, and go to jre/lib/security path. \n \n6\\. Optionallly, If you have not performed a Licenses upgrade as described in the link below, please follow the instructions to complete the setup:\n\n_[No IBM Rational trial, server, or client access licenses available after upgrading Java and/or listed products](<http://www.ibm.com/support/docview.wss?uid=swg22008957>)_\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities in IBM\u00ae Java SDK affect multiple IBM Rational products based on IBM Jazz technology July 2018 CPU", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-12539", "CVE-2018-1517", "CVE-2018-1656", "CVE-2018-2952", "CVE-2018-2973"], "modified": "2021-04-28T18:35:50", "id": "8EB2C9E7DB5013AD05B30490E2989C17EE64FBE9B0024B1E76805B1F1B95B816", "href": "https://www.ibm.com/support/pages/node/731507", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:48:06", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition used by IBM Monitoring. IBM Monitoring has addressed the applicable CVEs. \n \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-3139](<https://vulners.com/cve/CVE-2018-3139>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-3136](<https://vulners.com/cve/CVE-2018-3136>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151452> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-3180](<https://vulners.com/cve/CVE-2018-3180>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-3149](<https://vulners.com/cve/CVE-2018-3149>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151465> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3169](<https://vulners.com/cve/CVE-2018-3169>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151486> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-3183](<https://vulners.com/cve/CVE-2018-3183>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Scripting component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151500> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Monitoring 8.1.3 \nIBM Application Diagnostics 8.1.3 \nIBM Application Performance Management 8.1.3 \nIBM Application Performance Management Advanced 8.1.3 \nIBM Cloud Application Performance Management, Base Private 8.1.4 \nIBM Cloud Application Performance Management, Advanced Private 8.1.4 \nIBM Cloud Application Performance Management\n\n## Remediation/Fixes\n\nProduct | Product VRMF | Remediation \n---|---|--- \n \nIBM Application Performance Management, Base Private\n\nIBM Application Performance Management, Advanced Private\n\n| 8.1.4 | \n\nThe vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0008 server patch to the system where the Cloud APM server is installed: <https://www.ibm.com/support/docview.wss?uid=ibm10874776>\n\nThe vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0006 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: <https://www-01.ibm.com/support/docview.wss?uid=ibm10874996> \n \nIBM Monitoring\n\nIBM Application Diagnostics\n\nIBM Application Performance Management\n\nIBM Application Performance Management Advanced\n\n| 8.1.3 | \n\nThe vulnerabilities can be remediated by applying the following 8.1.3.0-IBM-IPM-SERVER-IF0015 server patch to the system where the APM server is installed: [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FTivoli&amp;product=ibm/Tivoli/IBM+Tivoli+Monitoring&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=8.1.3.0-IBM-IPM-SERVER-IF0015&amp;includeSupersedes=0&amp;source=fc](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FTivoli&product=ibm/Tivoli/IBM+Tivoli+Monitoring&release=All&platform=All&function=fixId&fixids=8.1.3.0-IBM-IPM-SERVER-IF0015&includeSupersedes=0&source=fc>)\n\nThe vulnerabilities can be remediated by applying the following 8.1.3.0-IBM-IPM-GATEWAY-IF0011 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FTivoli&amp;product=ibm/Tivoli/IBM+Tivoli+Monitoring&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=8.1.3.0-IBM-IPM-GATEWAY-IF0011&amp;includeSupersedes=0&amp;source=fc](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FTivoli&product=ibm/Tivoli/IBM+Tivoli+Monitoring&release=All&platform=All&function=fixId&fixids=8.1.3.0-IBM-IPM-GATEWAY-IF0011&includeSupersedes=0&source=fc>) \n \nIBM Cloud Application Performance Management | N/A | The vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0006 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: <https://www-01.ibm.com/support/docview.wss?uid=ibm10874996> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-04-03T13:25:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-3136", "CVE-2018-3139", "CVE-2018-3149", "CVE-2018-3169", "CVE-2018-3180", "CVE-2018-3183"], "modified": "2019-04-03T13:25:02", "id": "362CACACD7776045B3E9E86EB075DC5529A30525FDC38946CD5F9999C1B4D477", "href": "https://www.ibm.com/support/pages/node/878861", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:45:42", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6 used by IBM Security Guardium Data Redaction. IBM Security Guardium Data Redaction has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2964](<https://vulners.com/cve/CVE-2018-2964>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146827> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Security Guardium Data Redaction V2.5.1\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_ | _Remediation/First Fix_ \n---|---|--- \nIBM Security Guardium Data Redaction** ** | 2.5.1 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%2BSecurity&amp;product=ibm/Information+Management/InfoSphere+Guardium&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=Guardium_DataRedaction_2.5.1_SecurityUpdate_2018-11-12&amp;includeSupersedes=0&amp;source=fc \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-20T15:55:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2018-12539", "CVE-2018-1517", "CVE-2018-1656", "CVE-2018-2964"], "modified": "2018-11-20T15:55:01", "id": "EC3D8B78929CEE29AEF21A1B489AE5D843D897B3C4D451E9206D6EE31CC77C0D", "href": "https://www.ibm.com/support/pages/node/731641", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:46:07", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM Java Runtime Environment, Versions 7 and 8 that are used by Rational Publishing Engine.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nRational Publishing Engine 2.1.0 \nRational Publishing Engine 2.1.1 \nRational Publishing Engine 2.1.2 \nRational Publishing Engine 6.0.5 \nRational Publishing Engine 6.0.6\n\n## Remediation/Fixes\n\nFor Rational Publishing Engine 6.0.5 and 6.0.6, upgrade the IBM Java Runtime environment used with Rational Publishing Engine to version 8.0.5.20, which can be downloaded from: \n[Rational-RPE-JavaSE-JRE-8.0SR5FP20 ](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Rational+Publishing+Engine&fixids=Rational-RPE-JavaSE-JRE-8.0SR5FP20&source=SAR>)\n\nFor Rational Publishing Engine 2.1.0, 2.1.1 and 2.1.2 versions, upgrade the IBM Java Runtime environment used with Rational Publishing Engine to version 7.1.4.30, which can be downloaded from: \n[Rational-RPE-JavaSE-JRE-7.1SR4FP30 ](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Rational+Publishing+Engine&fixids=Rational-RPE-JavaSE-JRE-7.1SR4FP30&source=SAR>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-02T15:50:02", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java Runtime affect Rational Publishing Engine", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-12539", "CVE-2018-1656"], "modified": "2018-11-02T15:50:02", "id": "EF2B4F4110ACF96FDC34CF6D7B916C577277400859F5F464947088E0CE635995", "href": "https://www.ibm.com/support/pages/node/738347", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:44:41", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 that is used by IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center and IBM Spectrum Protect (formerly Tivoli Storage Manager) Client Management Service. These issues were disclosed as part of the IBM Java SDK updates in July 2018. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThe following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center are affected:\n\n * 8.1.0.000 through 8.1.6.000\n * 7.1.0.000 through 7.1.9.100\n\n \nThe following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Client Management Services (CMS) are affected:\n\n * 8.1.0.000 through 8.1.6.000\n * 7.1.0.000 through 7.1.9.100\n\n## Remediation/Fixes\n\n**Operations \nCenter \nRelease**\n\n| **First Fixing \nVRM Level** | \n \n**Platform** | \n \n**Link to Fix** \n---|---|---|--- \n8.1 | 8.1.6.100 | AIX \nLinux \nWindows | <ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/opcenter/8.1.6.100> \n7.1 | 7.1.9.200 | AIX \nLinux \nWindows | <ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/opcenter/7.1.9.200> \n \n.\n\n**Client \nManagement Service (CMS) \nRelease** | **First Fixing \nVRM Level** | \n \n \n**Platform** | \n \n \n**Link to Fix** \n---|---|---|--- \n8.1 | 8.1.6.100 | Linux \nWindows | <ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/cms/8.1.6.100> \n7.1 | 7.1.9.200 | Linux \nWindows | <ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/cms/7.1.9.200> \n \n.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-01T00:25:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1656, CVE-2018-12539)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-12539", "CVE-2018-1656"], "modified": "2019-02-01T00:25:01", "id": "440F021094DE35C6A13F9FADEA7C56D6B4093B16EFDEAEC496EC398C5AC7A327", "href": "https://www.ibm.com/support/pages/node/735433", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:45:38", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 7 and 8 that are used by Rational Developer for i and Rational Developer for AIX and Linux. These issues were disclosed as part of the IBM Java SDK updates in July 2018 (CVE-2017-3736 CVE-2017-3732 CVE-2016-0705 CVE-2018-1656 CVE-2018-12539). \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Product Name**\n\n| **Versions Affected** \n---|--- \nRational Developer for i, RPG and COBOL Tools, Modernization Tools- Java Edition, Modernization Tools- EGL Edition | 9.0, 9.0.0.1, 9.0.1, 9.1, 9.1.1, 9.1.1.1, 9.5, 9.5.0.1, 9.5.0.2, 9.5.0.3, 9.5.1, 9.5.1.1, 9.5.1.2, 9.6, 9.6.0.1, 9.6.0.2, 9.6.0.3, 9.6.0.4 \nRational Developer for AIX and Linux, AIX COBOL Edition | 9.0, 9.0.0.1, 9.0.1, 9.1, 9.1.1, 9.1.1.1, 9.1.1.2, 9.1.1.3, 9.1.1.4 \nRational Developer for AIX and Linux, C/C++ Edition | 9.0, 9.0.0.1, 9.0.1, 9.1, 9.1.1, 9.1.1.1, 9.1.1.2, 9.1.1.3, 9.1.1.4 \n \n## Remediation/Fixes\n\nUpdate the IBM SDK, Java Technology Edition of the product to address this vulnerability:\n\n**Product**\n\n| **VRMF** | **Remediation/First Fix** \n---|---|--- \nRational Developer for i | 9.0 through to 9.1.1.1 | \n\n * For all versions, update the currently installed product using Installation Manager. ** **For instructions on installing this update using Installation Manager, review the topic [_Updating Installed Product Packages_](<http://www.ibm.com/support/knowledgecenter/SSAE4W_9.1.1/com.ibm.etools.iseries.install.doc/topics/t_upgrading.html>) in the IBM Knowledge Center.\n * Or, you can optionally download the update manually and apply interim fix: [IBM SDK Java Technology Edition Critical Patch Update - July 2018 - RDi](<http://www.ibm.com/support/docview.wss?uid=ibm10740445>). Make sure to click on the **Java 7.0** **Update** FC link to update to IBM Java 7 SR10 FP30. \nRational Developer for i | 9.5 through to 9.6.0.4 | \n\n * For all versions, update the currently installed product using Installation Manager. ** ** For instructions on installing this update using Installation Manager, review the topic [_Updating Installed Product Packages_ ](<http://www.ibm.com/support/knowledgecenter/SSAE4W_9.6.0/com.ibm.etools.iseries.install.doc/topics/t_upgrading.html>) in the IBM Knowledge Center.\n * Or, you can optionally download the update manually and apply interim fix: [IBM SDK Java Technology Edition Critical Patch Update - July 2018 - RDi](<http://www.ibm.com/support/docview.wss?uid=ibm10740445>). Make sure to click on the **Java 8.0** **Update** FC link to update to IBM Java 8 SR5 FP20. \nRational Developer for AIX and Linux | 9.0 through to 9.1.1.4 | \n\n * For all client versions, update the currently installed product using Installation Manager. For instructions on installing this update using Installation Manager, review the topic [_Updating Installed Product Packages_](<http://www.ibm.com/support/knowledgecenter/SSPSQF_9.1.1/com.ibm.etools.install.rdal.doc/topics/t_upgrading.html>) in the IBM Knowledge Center.\n * Or, you can optionally download the update manually and apply interim fix: [IBM SDK Java Technology Edition Critical Patch Update - July 2018- RDAL](<http://www.ibm.com/support/docview.wss?uid=ibm10740465>). Make sure to click on the **Java 7.0** **Update** FC link to update to IBM Java 7 SR10 FP30. \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-22T17:20:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i and Rational Developer for AIX and Linux - July 2018", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-12539", "CVE-2018-1656"], "modified": "2018-11-22T17:20:01", "id": "3E4520A9DDDBF10F6B94F393C5ACDA44738184D5CB46AB64AABDC963283BECFE", "href": "https://www.ibm.com/support/pages/node/738743", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:47:29", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in July 2018. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2964](<https://vulners.com/cve/CVE-2018-2964>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146827> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2952](<https://vulners.com/cve/CVE-2018-2952>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146815> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2940](<https://vulners.com/cve/CVE-2018-2940>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146803> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2964](<https://vulners.com/cve/CVE-2018-2964>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146827> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2952](<https://vulners.com/cve/CVE-2018-2952>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146815> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2940](<https://vulners.com/cve/CVE-2018-2940>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146803> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Security Guardium V10.0 - 10.5\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_ | _Remediation/First Fix_ \n---|---|--- \nIBM Security Guardium ** ** | 10.0 - 10.5 | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FInfoSphere+Guardium&amp;fixids=SqlGuard_10.0p512_Sep-24-2018&amp;source=SAR&amp;function=fixId&amp;parent=IBM%20Security \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-28T04:30:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-12539", "CVE-2018-1517", "CVE-2018-1656", "CVE-2018-2940", "CVE-2018-2952", "CVE-2018-2964", "CVE-2018-2973"], "modified": "2018-09-28T04:30:01", "id": "87B26C2B63AF8A971A79B4CB2207EC51AF74A57FD839002466AFD594F7918F65", "href": "https://www.ibm.com/support/pages/node/732785", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:45:39", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6, Version 7 ,version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. These issues were disclosed as part of the IBM Java SDK updates in July 2018.\n\n## Vulnerability Details\n\nRelevant CVEs:\n\nCVE-2017-3736 CVE-2017-3732 CVE-2016-0705 CVE-2018-1517 CVE-2018-1656 CVE-2018-2964 CVE-2018-2973 CVE-2018-2952 CVE-2018-2940 CVE-2017-3736 CVE-2017-3732 CVE-2016-0705 CVE-2018-1517 CVE-2018-1656 CVE-2018-2964 CVE-2018-2973 CVE-2018-2952 CVE-2018-2940 CVE-2018-12539\n\n#### Relevant CVE Information:\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2964](<https://vulners.com/cve/CVE-2018-2964>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146827> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2952](<https://vulners.com/cve/CVE-2018-2952>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146815> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2940](<https://vulners.com/cve/CVE-2018-2940>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146803> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2964](<https://vulners.com/cve/CVE-2018-2964>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146827> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2952](<https://vulners.com/cve/CVE-2018-2952>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146815> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2940](<https://vulners.com/cve/CVE-2018-2940>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146803> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Tivoli Composite Application Manager (ITCAM) for Transactions : 7.4 are affected\n\n## Remediation/Fixes\n\n**Product Name** | **VRMF** | **APAR** | **Remediation/First Fix** \n---|---|---|--- \nITCAM for Transactions | \n\n7.4.0.x\n\n| IJ10500 | \n\n7.4.0.1-TIV-CAMRT-IF0032 for different platforms:\n\n[7.4.0.1-TIV-CAMRT-AIX-IF0032](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-AIX-IF0032&source=SAR&function=fixId&parent=Tivoli%20Composite%20Application%20Manager>)\n\n[7.4.0.1-TIV-CAMRT-LINUX-IF0032](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-LINUX-IF0032&source=SAR&function=fixId&parent=Tivoli%20Composite%20Application%20Manager>)\n\n[ 7.4.0.1-TIV-CAMRT-WINDOWS-IF0032](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-WINDOWS-IF0032&source=SAR&function=fixId&parent=Tivoli%20Composite%20Application%20Manager>) \n \n## Workarounds and Mitigations\n\nN/A\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-22T09:00:01", "type": "ibm", "title": "Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2018 - Includes Oracle Jul 2018 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-12539", "CVE-2018-1517", "CVE-2018-1656", "CVE-2018-2940", "CVE-2018-2952", "CVE-2018-2964", "CVE-2018-2973"], "modified": "2018-11-22T09:00:01", "id": "757B616252D9C5ECF905DFAC8032FBD7AB4A8DAEFD48C0BADFE2734A2E87D1AE", "href": "https://www.ibm.com/support/pages/node/735807", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-22T01:47:37", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition affects IBM Cloud Manager with OpenStack. These issues were disclosed as part of the IBM Java SDK updates in July 2018. \n \nIBM Cloud Manager with OpenStack has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: