(RHSA-2023:3954) Critical: Red Hat Fuse 7.12 release and security update

2023-06-29T20:05:32

Description

This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Security Fix(es): * hazelcast: Hazelcast connection caching (CVE-2022-36437) * spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692) * xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966) * Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920) * Apache CXF: SSRF Vulnerability (CVE-2022-46364) * Undertow: Infinite loop in SslConduit during close (CVE-2023-1108) * json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370) * springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860) * spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883) * jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name (CVE-2012-5783) * apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956) * undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) * batik: Server-Side Request Forgery (CVE-2022-38398) * batik: Server-Side Request Forgery (CVE-2022-38648) * batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146) * batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704) * dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854) * codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881) * engine.io: Specially crafted HTTP request can trigger an uncaught exception (CVE-2022-41940) * postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946) * batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890) * Apache CXF: directory listing / code exfiltration (CVE-2022-46363) * springframework: Spring Expression DoS Vulnerability (CVE-2023-20861) * shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602) * bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201) * tomcat: JsonErrorReportValve injection (CVE-2022-45143) For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

{"id": "RHSA-2023:3954", "vendorId": null, "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2023:3954) Critical: Red Hat Fuse 7.12 release and security update", "description": "This release of Red Hat Fuse 7.12 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nSecurity Fix(es):\n\n* hazelcast: Hazelcast connection caching (CVE-2022-36437)\n\n* spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)\n\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name (CVE-2012-5783)\n\n* apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* batik: Server-Side Request Forgery (CVE-2022-38398)\n\n* batik: Server-Side Request Forgery (CVE-2022-38648)\n\n* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)\n\n* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* engine.io: Specially crafted HTTP request can trigger an uncaught exception (CVE-2022-41940)\n\n* postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946)\n\n* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)\n\n* Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)\n\n* bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)\n\n* tomcat: JsonErrorReportValve injection (CVE-2022-45143)\n\nFor more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2023-06-29T20:05:32", "modified": "2023-06-29T20:05:55", "epss": [{"cve": "CVE-2012-5783", "epss": 0.00238, "percentile": 0.61653, "modified": "2023-12-06"}, {"cve": "CVE-2020-13956", "epss": 0.00162, "percentile": 0.52683, "modified": "2023-12-06"}, {"cve": "CVE-2022-24785", "epss": 0.0033, "percentile": 0.67775, "modified": "2023-12-06"}, {"cve": "CVE-2022-31692", "epss": 0.01277, "percentile": 0.84138, "modified": "2023-12-06"}, {"cve": "CVE-2022-36437", "epss": 0.00121, "percentile": 0.46081, "modified": "2023-12-06"}, {"cve": "CVE-2022-38398", "epss": 0.00229, "percentile": 0.60884, "modified": "2023-12-06"}, {"cve": "CVE-2022-38648", "epss": 0.00195, "percentile": 0.57187, "modified": "2023-12-06"}, {"cve": "CVE-2022-40146", "epss": 0.00135, "percentile": 0.48568, "modified": "2023-12-06"}, {"cve": "CVE-2022-41704", "epss": 0.00433, "percentile": 0.71694, "modified": "2023-12-06"}, {"cve": "CVE-2022-41854", "epss": 0.00106, "percentile": 0.42729, "modified": "2023-12-06"}, {"cve": "CVE-2022-41881", "epss": 0.00084, "percentile": 0.34979, "modified": "2023-12-06"}, {"cve": "CVE-2022-41940", "epss": 0.00079, "percentile": 0.32845, "modified": "2023-12-06"}, {"cve": "CVE-2022-41946", "epss": 0.00045, "percentile": 0.12113, "modified": "2023-12-06"}, {"cve": "CVE-2022-41966", "epss": 0.001, "percentile": 0.40737, "modified": "2023-12-06"}, {"cve": "CVE-2022-42890", "epss": 0.00511, "percentile": 0.73903, "modified": "2023-12-06"}, {"cve": "CVE-2022-42920", "epss": 0.01618, "percentile": 0.86053, "modified": "2023-12-06"}, {"cve": "CVE-2022-4492", "epss": 0.00054, "percentile": 0.1973, "modified": "2023-12-06"}, {"cve": "CVE-2022-45143", "epss": 0.00254, "percentile": 0.62999, "modified": "2023-12-06"}, {"cve": "CVE-2022-46363", "epss": 0.00081, "percentile": 0.33649, "modified": "2023-12-06"}, {"cve": "CVE-2022-46364", "epss": 0.0334, "percentile": 0.90302, "modified": "2023-12-06"}, {"cve": "CVE-2023-1108", "epss": 0.00125, "percentile": 0.46927, "modified": "2023-11-30"}, {"cve": "CVE-2023-1370", "epss": 0.00046, "percentile": 0.14275, "modified": "2023-11-30"}, {"cve": "CVE-2023-20860", "epss": 0.0007, "percentile": 0.294, "modified": "2023-11-08"}, {"cve": "CVE-2023-20861", "epss": 0.00062, "percentile": 0.25244, "modified": "2023-11-08"}, {"cve": "CVE-2023-20883", "epss": 0.00072, "percentile": 0.29848, "modified": "2023-11-08"}, {"cve": "CVE-2023-22602", "epss": 0.00087, "percentile": 0.36203, "modified": "2023-11-30"}, {"cve": "CVE-2023-33201", "epss": 0.00051, "percentile": 0.17839, "modified": "2023-11-11"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://access.redhat.com/errata/RHSA-2023:3954", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2012-5783", "CVE-2020-13956", "CVE-2022-24785", "CVE-2022-31692", "CVE-2022-36437", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-41704", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-41940", "CVE-2022-41946", "CVE-2022-41966", "CVE-2022-42890", "CVE-2022-42920", "CVE-2022-4492", "CVE-2022-45143", "CVE-2022-46363", "CVE-2022-46364", "CVE-2023-1108", "CVE-2023-1370", "CVE-2023-20860", "CVE-2023-20861", "CVE-2023-20883", "CVE-2023-22602", "CVE-2023-33201"], "immutableFields": [], "lastseen": "2023-12-06T18:41:18", "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["COMMONSHTTP_ADVISORY.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2022:1860", "ALSA-2022:1861", "ALSA-2023:0005", "ALSA-2023:2378", "ALSA-2023:2867"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2022-41946"]}, {"type": "amazon", "idList": ["ALAS-2013-169", "ALAS-2014-410", "ALAS-2023-1668", "ALAS-2023-1695", "ALAS2-2023-1916", "ALAS2-2023-1946", "ALAS2-2023-1966", "ALAS2-2023-2007"]}, {"type": "atlassian", "idList": ["ATLASSIAN:CWD-4355", "ATLASSIAN:FE-7344", "BSERV-13724", "BSERV-14091", "CONFSERVER-93173", "CONFSERVER-93175", "CONFSERVER-93178", "CONFSERVER-93179", "CWD-4355", "FE-7344", "JRASERVER-74947", "JRASERVER-75017", "JRASERVER-76371", "JSDSERVER-14746", "JSDSERVER-14768"]}, {"type": "attackerkb", "idList": ["AKB:BA4DDF1C-43B1-4233-9BFC-EFC9F3B39267"]}, {"type": "broadcom", "idList": ["BSNSA22502"]}, {"type": "cbl_mariner", "idList": ["CBLMARINER:11427"]}, {"type": "centos", "idList": ["CESA-2013:0270", "CESA-2022:8958"]}, {"type": "cgr", "idList": ["CHAINGUARD:CVE-2020-13956", "CHAINGUARD:CVE-2023-1370", "CHAINGUARD:CVE-2023-33201"]}, {"type": "cnvd", "idList": ["CNVD-2022-73690", "CNVD-2022-73692", "CNVD-2022-73693", "CNVD-2022-85553", "CNVD-2022-86393", "CNVD-2022-89429"]}, {"type": "cve", "idList": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2020-13956", "CVE-2022-24785", "CVE-2022-31692", "CVE-2022-36437", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-41704", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-41940", "CVE-2022-41946", "CVE-2022-41966", "CVE-2022-42890", "CVE-2022-42920", "CVE-2022-4492", "CVE-2022-45143", "CVE-2022-46363", "CVE-2022-46364", "CVE-2023-1108", "CVE-2023-1370", "CVE-2023-20860", "CVE-2023-20861", "CVE-2023-20883", "CVE-2023-22602", "CVE-2023-33201", "CVE-2023-33251"]}, {"type": "debian", "idList": ["DEBIAN:DLA-222-1:38FAF", "DEBIAN:DLA-2405-1:2470B", "DEBIAN:DLA-2405-1:33C7A", "DEBIAN:DLA-3169-1:039F5", "DEBIAN:DLA-3218-1:78A25", "DEBIAN:DLA-3267-1:C5C46", "DEBIAN:DLA-3268-1:F6EEB", "DEBIAN:DLA-3295-1:506DF", "DEBIAN:DSA-4772-1:DCCA8", "DEBIAN:DSA-5264-1:8D38C", "DEBIAN:DSA-5315-1:2B5D4", "DEBIAN:DSA-5316-1:4E3C8", "DEBIAN:DSA-5381-1:BA964"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-5783", "DEBIANCVE:CVE-2012-6153", "DEBIANCVE:CVE-2020-13956", "DEBIANCVE:CVE-2022-24785", "DEBIANCVE:CVE-2022-38398", "DEBIANCVE:CVE-2022-38648", "DEBIANCVE:CVE-2022-40146", "DEBIANCVE:CVE-2022-41704", "DEBIANCVE:CVE-2022-41854", "DEBIANCVE:CVE-2022-41881", "DEBIANCVE:CVE-2022-41946", "DEBIANCVE:CVE-2022-41966", "DEBIANCVE:CVE-2022-42890", "DEBIANCVE:CVE-2022-42920", "DEBIANCVE:CVE-2022-4492", "DEBIANCVE:CVE-2022-45143", "DEBIANCVE:CVE-2023-1108", "DEBIANCVE:CVE-2023-1370", "DEBIANCVE:CVE-2023-20860", "DEBIANCVE:CVE-2023-20861", "DEBIANCVE:CVE-2023-22602", "DEBIANCVE:CVE-2023-33201"]}, {"type": "f5", "idList": ["F5:K15364328", "SOL15364328", "SOL15741"]}, {"type": "fedora", "idList": ["FEDORA:01B27304556A", "FEDORA:02A08203D679", "FEDORA:17B423058493", "FEDORA:25F4A2151F", "FEDORA:38DE2220D8", "FEDORA:3B62E30582E1", "FEDORA:4D64030B6E58", "FEDORA:52EAA3068792", "FEDORA:5A610305C7BE", "FEDORA:5B904214E6", "FEDORA:5D10B2170F", "FEDORA:765673056B04", "FEDORA:EE17520E26", "FEDORA:F29DC30459A6"]}, {"type": "freebsd", "idList": ["20006B5F-A0BC-11EB-8AE6-FC4DD43E2B6A", "9D9E9439-959E-11ED-B464-B42E991FC52E"]}, {"type": "gentoo", "idList": ["GLSA-202305-37"]}, {"type": "github", "idList": ["GHSA-2X83-R56G-CV47", "GHSA-3832-9276-X7GF", "GHSA-3W37-5P3P-JV92", "GHSA-493P-PFQ6-5258", "GHSA-53JM-3HC9-FQQC", "GHSA-562R-VG33-8X8H", "GHSA-564R-HJ7V-MCR5", "GHSA-5X5Q-8CGM-2HJQ", "GHSA-7CXR-H8WM-FG4C", "GHSA-7PHW-CXX7-Q9VQ", "GHSA-7R82-7XV7-XCPJ", "GHSA-7V28-G2PQ-GGG8", "GHSA-8HFJ-J24R-96C4", "GHSA-97XG-PHPR-RG8Q", "GHSA-C5HG-MR8R-F6JP", "GHSA-C5XV-QC8P-MH2V", "GHSA-FX2C-96VJ-985V", "GHSA-H4QG-P7R2-CPG3", "GHSA-HR8G-6V94-X4M9", "GHSA-HWVM-VFW8-93MW", "GHSA-J563-GRX4-PJPV", "GHSA-M4MM-PG93-FV78", "GHSA-MMMH-WCXM-2WR4", "GHSA-PFCC-3G6R-8RG8", "GHSA-R29W-R9PH-VM76", "GHSA-R7QP-CFHV-P84W", "GHSA-RQ2W-37H9-VG94", "GHSA-RWQR-M72Q-V6CM", "GHSA-W37G-RHQ8-7M4J", "GHSA-X3X3-QWJQ-8GJ4", "GHSA-XF96-W227-R7C4", "GITHUB:3FD88054DCBC801094E3FE87C6393455"]}, {"type": "githubexploit", "idList": ["428731AE-9B52-59E7-8DB8-DF318C51EB97", "5D9EABE3-971E-5747-9FD9-1B43A555CBF3", "9E6A468A-77D2-5284-B77E-5EE264E78695", "C3C64D66-1B91-5385-B313-6B6E531EC8A8", "D055860B-2A23-51E5-8E53-427460BD9D70"]}, {"type": "ibm", "idList": ["00DC23CF7E7D7B61DF0322853CA8188D06C5D963D1F35DBA42831634180576D2", "0144489F29388BC174AAA21C4FC7BD9538865AE7DA8DF51DB8699E1B93888AAB", "01CFF49A8E945385D7DAF195723AF2400A442375CCE77F93B4CF72774A757E1D", "02AC3D75FB5E9A395164B03D2835B59279C245C81FF95300ED74B35ADE723D5F", "031AB80137983FA206B8FD452A65FA0ADD155D250DA679ADC4DC628C2E106C7E", "0344344C5BC1E5BD76915E58268A7771FE5523A39AC168718FA30C6F4E2E5B5F", "0402B7494C72C3AEB994275ACF739697B01D6E812184207870ACF917E1A853D9", "043A6D62CA341096C0256161A0DA8BABE10EB5C3FFCEA762656657AB0B86E1C9", "0483690D85C08381A3D2BA067B62B156157A2AE6BA2E5611C9514174F2E62DF5", "0616E2FFF9B9EB2963CA55BB5998423E3020863C268671E3CD6F11A65D3B7332", "06771A3637E9F001B4466A8447005903BB47184824F7551A5ACF477DA1657402", "073E3BFEA937D237AB70AD61300AAB855D0F05B9470928EA3E707C0F279B926A", "09859535BBD73886942005381F7140B37F4079C86A8279AC944AB83F5FC012DB", "098A0B0BBDA18721083717F103FE7FB2B2BBE2394E33149D968FE7B59A7B2AD4", "098DAC5AF0B044E2298F8FC1C3B8A064BD9D77BA0109151B6328C3F713B4F1D7", "0A6BBC4DFBB5FEFCEDCBE9F7C11994171A57DC8ECA368D2E6508C015BE0285CA", "0C238E7B0B8670A16521C6BF7CBB428C076EF8BF8B7BE202FA3F2788FC5D3C6D", "0F8C9B43069C04EF8D42F75FA8D42A5837D2A01F1B45F132DD6CE116C7562B83", "103B8E8AC767258A44EE7B2B60557C3D6622BD23238D097DD62689D2F08A89D9", "11FD6C59E7010FD5528984E528B79054636D77E97E7A50039B5B5BB3C925AC5D", "12365E079006AC201EC3CA279F0927477E9103C595244F01496633DFAC47BD20", "1378324B26B4E7BDC93373980A4620FD738C8144E1187E83A11421110D2E9651", "140B83BCFF2F315F23EAB3DB361BD5C3FE9817F6C4941D1D599E184A057314BF", "15CC4FF31A1DE46652EF6155538BA9F196CB4AE25DF160DA9548558A555EF6C4", "164055B06B30D0C10BD93A89CCC7CFCB36C3969141972145F2DCC126C45736D8", "16DA6CED4597F380EB9B4CDDB6EBFD245ADAB82361BFFE73F3513D09C3BC809B", "1769260F0173291381DE3B5A09A8B6E258D9F33436EAFB8EB073987978DAA12F", "17989E4772B41ADDD21B1FD11AC6F256628CC9443C137C7BEE4920FB3ECEF450", "1884864549E9954D0DBBE2AC224F348D2E593A0CB7BB89635A0316AA5AAFB22E", "19063608A127602C0D17DA38222B195DE08E5600CC0FA38235ABBF40D8FC7F9F", "1BAF608D1A964B0E2F147D8E7E6B08F8B9E235DC69D298DB718ECFA9B9CA2CE3", "1C10137FF68CB856FD9AD7134BD2C08872AD50A8C6A862CF5D424CB10E785171", "1CA1F1BD6BD8FF8666712527F3C672A1B0EA0C06384E29CB7A91EA9A49F2D737", "1D6FE2937E22D9DB2A975F701BF67F9DD006B0DE10FCA2A757042F9616C995F1", "1F7A45CD4D73686FA6C9591207830D1B405EB9704E1C5F2BE5F439A0FE018D74", "20A4C8B7AF6C7D054CFB5D1CC60A44F2C7318F45012BF0D0062603B891AB53A7", "20A8C9A652EB6F265587C20856BEDE25B8955DD0EC8C344AE2D255F1F6329B04", "21BEACCF60C1D3077337E1AFD944FC38899667EC3D987B3792EB0D8FF236AC49", "229A4B43FE77515F8665EB39BE40365AEA78A7E6905A77143AA0029AE91AE79C", "22F61E962B7F5259E1791ABB6E8155212FCB46456934B6FD5151CEB3FB670DAD", "2508B921E7281FADE9CE088D6FA2EA1ECD697505DC78B4F948923455AD7F6F46", "269ED09DF8DEC59D6D5C76BBBEC1A3E9EB81FC2A6B977AF71E1341BCCE84CE32", "2778C5D6C324BC30DB7DAEAED1BB702CE80B1BCFF6D36121D0025E1E4A547CBD", "27BC70E2EA08EE1D00F1DC696806FF0E8D5E261D13D8DFE4629529B49DBE187D", "280E52638465EE6AB9506602965E2B2158A6130F80D8FE52BB97FC15D7B17AB1", "28E1A34D8B7AACAE238760E03EC7DC2D0E6A35DCA936AE45B1D6CE580679D06C", "2A0FC7B8A7193A01A26EA9B1FC5B75E17A52DAE933E556FB0A2D6C5AA8CAF62D", "2B8ED03AFB64688F7C236312BC8155AB0C092B0BB10F225899EEE28BFC95B925", "2BF718F14FF19DE8D51FB2B6D6FB57B7CEDA39B7415BAE84A63B5263E7D5C5A4", "2C89CFD58F3D4EE971D17C1294FCDAF90987B18CD1793833204AB66E2BE29729", "2EE8C6DEC7EAEC5C77681329BA894875B76FA38D7876E6DD65DE054FC0484B86", "30310762C3F38C4C5EB90C02A09F3DA7152F660A3060D59B866E831E1E4CB9C8", "30873CF80BE73E9C9D48E1EEF58C3E7A193F54DCD43BC7C53956AE7D3E89751E", "32BBD5E4C84E40979E111BD9619FF2C80236B498208D1EC1CDCC9F130509EB79", "33045708EFF161B477F13801CD577AA9A7B525EA85F3071F24118EFB99B235AD", "331584D83A54AFF49B699DA058B3404ECCD8A3C07552045666CF6426AE94CC19", "332EB7C24BEDDB6A08EB1D2E56168DBF8FB7B8EE1E89939D477827DEB2BC62FA", "3337911C8DC538C449895944893848F2D1A1E4B24076A762B7AB2E056465220D", "33B4112FD28368E6028E9CA4E2A1EAAE53DC2967388F1AF51A1AD75861041785", "34F5D287C654356B4FFDC0026D802797E1AB7DA4536614636D536DE4974A9BA8", "3530DF8DA972875E9B1FD6F767CF9BCE12DD28AEEAAF4F127105D1281DCB6CC5", "35774A12657731256610BEB1ACB2AE99C105060354AA560F82DED28AE65A8B24", "3669E45D7FE2AA83192FF44FAA60FB349B5D39469F2B30F7D69463B2868B4908", "36FA5A79E929BEBC1DBB7981B2A62DF1A577B4C637DA26DCB45692D5B419A406", "37E84D76257762D12F144C420A6FA36A16C6055B49D7AE073144BE16FFF7F0A0", "384C2E2A2A7CE0D7C1ED343860F7A8372BBF28CD038D1B9802B3A13C761159CF", "392BD651F6852C7EA391C6C18761CB1B917EDD014CDB78506A58475CBFA4CDD1", "395A9D2D7716A5EE2452B4CC6F7A8B7A090BD6E1F23ADEA150A11B506B819AFB", "3AFEBF4B181B94F6D70FE1D8A5898785465275C259E6494C5C9F790F3216B36A", "3B659ECA0A3490E43A993E28F17C28259C30674E3C1D43656C4A5B37F135FF29", "3BF41017E119596968082D4CAA63D812A418A916C3F814647B6EC4882CDD2BC3", "3D8540513E9389E52505EF4CCF99C1FC5DC8928BFA49128170D48087D1264725", "3DD81BAD784F59BB9BF823B92CEB58BE36823EB8A478E3D24C5A8417A3D90A2F", "3DF12CE7E405A27C5D5CD02B7E82B121B9FC8066351CBDF237840051F5E9A63F", "3F17AD234485231B399ABCABB7240BE667955FAB95A2D1646771469236C70D91", "3F50B90AA067D7B221DE01833CF094A0A4B8DFCEFA2F20192B47FCC636918D02", "417A30BFC515A10B701A9EFDC02AA680D9524FFFFDC72F42B5BE12872E8DF6FA", "41966D937E2990F0F57325CC9C4284044D0D7B15F0E27C73F2A0083F424017E0", "429C6224339DD251B4F19FC9E08784DBF78E1C0DA9099B83B8B73D5A63535E87", "43DA4697F34CF5D5A6799540E74541895D58CA735AF6018C2189B56DA5C5FD59", "447FEC42028C43695F236913B9B65B6EA35AD629445FF5214ABFD4DAF4A821D8", "45D6DC7F686DEB5F70B552B74591916A3F9AD37F71BB27CFBF970CEA57AC883F", "4777F5C1553B23793B9C264645B77DC8564BD5ADDE40E26C0417DA938016C274", "4979AE00A6ED0C539B1400C19C9582B63BBE318402F26C5329EFDF836AF802D1", "4AC135B103268AF4505A6F6E4633707C82E178B1CA4447D730F3CAC6F171B7F0", "4B22C13BA0342AC072AE2964609BF8343A0D70A7820D3DD04038EE3A4EED69B1", "4BD63959A84B5CDC30DDA7828E7D1E6DEFACAA6441E549ADE5300BB023608674", "4BDE70E43A19F50FF60A2F5CB6ED1C095A92727557F41F17F3F3059A4D00A95B", "4BF223391C936C5664E65BE0C1633537E0B423C3C637E028FA4ABFD7531FC294", "4BF7A5E750431865636D92E71393396C252B3F778FB89C0C3E599627DCB87306", "4C9620E4B1C2C75BB5F9A1C89AFEB0043D318751B022B3E6F99418430D76F1C4", "4DFE5A6ED234327248E8451B57200F8C7A68429EC3CCCB0DFECC6728217B38C9", "4F2F1CEC21593E14CFA5185766BAB1A3ACE3CE7606D9506EA35A0E0677085BC7", "5010E74E7B5E5A0168C11852A92C6B1495A79D41F8B5C5603D4BB715AF51650E", "50C9D12D8B5A479194C886433B70A4FCE4687FBA2E0967A86B9591F8E9F372B4", "50E1F6A909D483A6A1F4E4A73C8843379E6D35C68D91CC134F25CE2AAF633DDC", "51D9791F34A60949E753D5D5D3B18A0FEB74792B5E0278450345A6CC1EA406FA", "536C25C1EF194D407FC939B41616989F78C65BF969F3C6180D43BD166F97FB5E", "5385CCCD25091ADE732A048CB2A733051DA09717A76EF856DDA873F188C10B84", "539FD5A344951CB3146EC1C6256AC3A91344217924BD86DB5242BF2BD9D82C91", "53B532B87CEA78B57E2ED69FBCEA8B269DE8F2659CD1185FAB9174B1B7BD0971", "57ECB2F42238F3129A22A7BF7162482997E17DA631367C7851A710687B01C414", "582E108723F2B0729343ED1D97E0791DC1CFB579A0F69C00B8D008EFEA47EB2C", "592D0DF4797C26F4ED5E3A0263B795F7729CF9E51697D4999EE6B70D498826E7", "5999D67908FCCE20786CBA7955C6C88529B75A83D364118E4A97892D417B208B", "5A4D0F2F6B321F74DADB1C42CFD151EA6581783AFE6E5F7519B2E9433100A114", "5A638A8418B1D62B63BAC33050D57511EAB9031C42CB2FB9D6CD642597977EB7", "5AC1EF929EE40878F2A10843CA35DB78A6C19A226DFAC7C0A85E60AB0E028E31", "5D04198B54656ADFCB0B5E5C4A8A4890DED9C9BF882D524A7A1C4C8C84533CDB", "5E8673679B8A7CD5483BEF7C6FAB8E288E9D1933C8AE5E03D18C5C841E14B811", "5E8AA70CB8B57AC5EFBC54AA401E7BF261CE1B905CF3B82BCDCCA6A85AA8292F", "5EF5A403B9C7FB46E177956FF654880E820C1E6399F8D08DA056AC3336D99EAB", "629818E44ECBBC14327D01DD31BD162798FE2E718C78D969624EEE5130B4EFF8", "638BC9B9F1B860264859BBA0AE04F262C584B383B8D229DBFD85404C0046EBA0", "643278CE1BB636D8764FFFB99832A74E1EB43BC79E059A2AF6DA2A9DF4BB4FCB", "651FC6C43CFDB4526EFE8A1D3CEE61C57B4A3336B9A1E33A1FC8E787A7B5B69A", "66F6F34BD142F19CBCF224012465A93D508DAF09BA3BDD358780FF0C99B5404D", "672ED98E9AB8BD15ACA2079635029450D742DBDD7246A12534BFFA7D54E83F8A", "6834E3905AADC819DB5BF4042B617F874AC24BCB0AC2F484A2275161173B7A89", "68DA4CB31A27A8A05E541155F035E4C3D083C5E58B47B0D8F2335FB92F9249C8", "6B6CE9F202E660300CE36E02212419B587FED63C787599626A5A346895CA72E3", "6BEA9F84DC62EEF2F81452A495EE058F7071A48DAFE4BA729BEFD2D5AB77F224", "6CE422FDA3E274BB74AC81FB14ECF7A6747FD5F9BFFCFFD833EBB36A2DE78EC2", "6D3FDAAD9932EDE749974072E84133279FC37F00C03E3EC8BA819C5E502E735D", "6DD74BC1A2B414A66F1E251CA6CB9EBB6FE85476F6B26012B2B116CADF95A0B9", "6DF11C48DBD150389BD788E33E0F9C8BBDAF1FA8674FAE3BD975AF6F35875619", "6E04BD78D8276F4C7720274781FB8B4884107FCE88339A64A9B677E7B1D60CFE", "6F029265D5F1E4EA73E465DA5F623E94E637B58AB0899CCF62C2946F8619AFEF", "6F149914C358C5F0B0440085C1021143D14FF4E97F70395937DEC3FE5968AE80", "6F20904FE511CD3681D86086F079C27E41F83597333D2800D08AEA4F1DB34CAE", "7070BA75AD9272268135D5A4C79AF1BE8BF2BD1AD2A057457ACAA7D349BC9AAB", "70A57F22CB3F0C4AC186D901C031E3FAE84D58F0CE3E14CCC30279D53A952D0D", "71CDD63A1AD97B25B5D340485A59770BF8D8562D4CAD88FE72B3A6F0282EF5B2", "71E33CEC9CC6FECB7854DFBE46596F221624A1288A2A8D56D38109887FC10D51", "727A7F289CB7DD0BC0F572A28A0468B296B607D19CE6157408E791767F139AC8", "74F1C9F1F9B94C959344DD15B0E68FF1CD235AE444BE5D470E1A9CB9F21A3FBF", "7609E2C48A7DCE1D589CA7BF32DE0A035C05F05644EA443F2B60571816E4AC22", "7673ECA7C26C82F326589C66582D68F7F87357B4FB250AD73DE7E7F5EC924344", "77972D63681B5C5CF5A756975D81048480CF1445F8B84D8F700DE1C7A1F2B459", "77A5CD46FD3C6940EFC34DE8C8AA831927106A12E0E3EAC862A5D46723F4092E", "78EEA56B2A5DF0C85488A5A142301BFC2DAF518E90B972461A497445D7F5E4DE", "792B85A8DB94781D66D2F4C4B62AF0AB0D8345DE0EDC163D9DF3146450CB58F8", "7A34C5EA3878227646136480AF345DCC5DF882B26F65D3380EC0064BCCA45485", "7AE4383D619D418CABE7152FB7E807377BEB422FC2E2543F14B7926B017944EA", "7B416F1B0141E500C5743C50726CC92E957B9D86861E8806BD1A604528D7254E", "7B55B296EF4CEB7D6C42BF9F0FF8C3E5EF24F50F0D78418E8D2589C35F66DC64", "7C1B5D0FA031DA8FE69676846CB3E888C4ECACD67FAECEEE869017FFAD05FC00", "7C6868DF7570F67513CD79FFFE949C20A91FB069E0BF035BB536049992C5168D", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E2F5BE2E736F37A5C7CCF26C9B454B432809BD7A4C2F260E0156222D3F030DF", "7E6243FBC21C330375E07263D507D3B69CA584833DA3176E38A5D874BAFD8F9E", "7F49152296CEC8D5B01F759C14D244EE9DFFFC65E1D2E857203E7F16426E96DF", "807F02BF5D04D1D709B1D383A56D073A3E2ABB5E058B819FF145C9C80E083AF4", "80A3730F540EB601DE7F4E1BAAA934E28FC226500C11CD3BA07406C977D4EE1C", "81D5F6F41E5617EDA7FF694BBE43496FC48B7577BB4C9C238127ECCCB1D40118", "83DE818C5932FD800E5449ABA82FA7FDCAC7A0E2B41C5C07CC9E5CC56A3B9296", "8491CF1F3DD8116411BD720BFCBC2272BEB04446394152CADFC6BA73F4D21149", "858896131EA815FB74E9BDD335996EEADB31086755EBD223F4051866A0275C41", "85B95B26FAC330D943BC78B63DA3DB90C7D2E772A96FDA17D162D185065655B7", "865EA54168B3468F144D766A05C1D0F46688B9432D0F44CF7D073C51AD254CAA", "86C605E3543D3B83BA0A25B4F9686B938438FDAB955B33BD0721D21AA9B6A946", "87DCB77CF764C7235B6473B289E603F21A1588D5812BC1D3022468CF1C8EF03A", "87E6D4C301160C1CA7B7C749D6221797735E32302CEF38AF6B48178A890F9295", "88B8DC6EA75D39C653142024A42B12BB1759F97DF4BF203772EFB3960C20E495", "88DFB9E982D0A58C6136F965194F206A274D548D30DEA8A56A30E8B13938EBD4", "89FEE7121CE7E623339D7C28C6D0783C10B5E727615ED720229B0DEEBF936D9D", "8A242C548ADF3E615FE6BA32C7E6F5B2DB8B1FA250ABF2329DC20A0FB32D3700", "8AC2B8BF18DFE033F865ED53A61B3DBEB5E0DF21D0F1634B030AAECB5AAD0C73", "8B6CE64BECA68519204B7FAC94B33436E7D2A33A58B4CDEBFF8E1615DD04F371", "8B7BC825CAA1800876B2664D15849E00A0033705EBDA3BA002D10E3DB42CBDFC", "8D964A6D85AB92A093A54D98B52835DA52D646F29F4FB8F77B0F37827E6FEFB1", "8DC012FB9CB2E4F886386955F8044306408079A77CB70C42962ECF1BA400B3E7", "8ED26CE4E3C008210C3B0D41D1736FDA7A3F645F5166198DFB321DDA28653695", "8F2E0FA6476B005EAB110F058267A0DF6C6FC16CF30359EB670315D688EE98A6", "8F7E9BC38CC1D5886DD8998C93E683C9367649830B463A9A5032011B60846A4C", "8FB323EC50EB5CCD3380176BF2571DDA8C7739DBF4BC558C9B57458B912FEEF7", "906C9EAE754E54F590FDCE4A48EB7695E618EAFE6B6543B720652975DFB3041B", "90847A04C5D025781FABDCB80A0889BB897292B48DFEC5BB0A70FD9EBF8A464A", "9110F768002DA983A638BCBE95B62B3FEB0C06E5154B8283046FAB02CBFB7D0C", "915C40C3847839BAFC1ADC3A4E386F48D7716C2F3DA53EC6BE7228D7003DDC0D", "91BE28029AE36909EA2ECE988EFEA09687D32790E310DC397DBC139AE3FD673F", "91D7C6C9A5739FEE5F42D389A6790AF75591DE3F4B00792DEC9B2F9736C9AA92", "92C2D58DB9DA7102D7F9C515B4EE2CED16C0735F48AA49B707B24837E12E16B9", "93C5C41AEF731922565AB24789B4C9259F82323486524FD092496E93D6475A02", "942141E4DE7A87D80E8BC35C32C453A70AA967E408155547EB6E34E68CCE1EF6", "954B901FB199DE0B672BB799941A63760A9851C6EF21D1CDD9356E28D85DFB83", "969D227E349C42592D01EE5BF80FD4226D5A67E7B7FBC6F06906BF6F60163B06", "96AA6E96C459B552487D37879C1210BD7926BC641E7FD69543382941733FFB5F", "96B854658FB25B1C41C7953D07DFA40702863F7DF3DA2149F3BC57ED6B4B5CAA", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "997F559E4D89247D29F8C332BFB91B9C60C9F684F818960F2718B6740576A553", "99D6EFA76ABDFEFC7CAC07094AC01A7EE287E7C7CC6649FC4DD4B0D69B2CDA09", "9B805560D17020F4EAF3C66708B3C18DA24147481A5B8A0C640E3C666E540887", "9D9A01E02514803E9E0E5DD88830752E1595E1F1CC50F35B26CA6DC44AE2E184", "9E730F76DD207F8BCF7E62ECABD4850B18E714ED92F0AAEB7ACC54B0B4E81356", "9F95AEBD8EC232C9A5958CB17E5C9C4116B02F62221BC66A39487A0F95F36A9F", "9FF827E2FD54F19DA755A2B6208A2EC7D3AE8D60BF765D40D030A7C7CEF95C29", "A0018DD880ED10F9696EBA0CC961AE24CBBA555DBCFBA2AE63ED30B3EC5271F1", "A13F938AA79D57021B953A77BB7F77514FF334329E0A290840B51BFF3BF61B87", "A2FC2855758520999DA3A62F24DF6E922433F33747C5813815EA46D21860A053", "A380C4CD3FFEF0D1AD28C9019320AF0085267A1FC55FD33D40E61A6A71DFDFF1", "A4503A3D8C88F03AAF1FDD6AE6AA893CB99C1494E5AC52A804B1D1FB8B0DBE84", "A5071A393EC8AD3C59E3517F73FC772A20B64DEA633B4642419E72984892F891", "A6D9D4111807AA4EB0126419E70851CE3116CAE1D7000C36A1B26DAEBCF4424F", "A8A1B567F944BADF2C3904883B086755440DF569158EEB6B0C8C2202276A6F6E", "A9B608450EE2B2505174F8F497D891A822A15EB84A1C302BA28DE13FA45B34D4", "AA6F08F01A079565B77B09647282DFF85E99CF9A1905EAF67DAE8F9CCF81DB85", "AAE68AA2EFC385FF3EBD4382FB866664D480CC7F1DD4B169227644E77ADC4B20", "AAFF9E87667B35D62A52D77B8E5C3A000AE2419974F7C14545C23704BDDC171B", "AB24944DBEBE38F0BC5C45F998163889F0AE20E03F8A7A1E3E7A7BAC40D872C2", "AC1B0D3221039034ADCB188D5CE5B7E84F8E213A24C7AC7A4C4B1F1DEF9C1EEA", "AD07FBFE41C71959BA164DC477AA5C9937143E243C7EA2C9CB72779238BB5E2B", "AE395445C7C7240CD17B06CE58A20D98731AA33DE1AAF047F3A02C424CBD3F87", "AE8B23AD6B0062B13D1E5F5D2B9C3DE6F734845A554B1AED12CCABFC9651716D", "AE9BBF24CA06F813C26AC6420569FEAB23ECA37FE5285B81587411321C1E7DA2", "AEC0722767EA21CDE0F10129C001F976425E48E7F302D7C24108AFF251D12D6D", "AF3CBD718F3297D87FDA4616011F4CD425D9EBE3BB2880108811A5CAEF018EB6", "AF86C1B737292165F5D47C30CCBCD4F557833FC9B1621FBA6A46C5FB8954D4B7", "B0D6E87284C12AB4B1DC671591B12DDF5FFBFF965FA13BB9D4183BE4014F78E2", "B0FF85DCDE8644B3484BD6CF258480DD40154E7BDFEEDF7A128BF747F3AC618F", "B14642F54A5107B24F27A9FCF4EB0B9FB85D1169572912D2BED9CD965A5B3F1C", "B162488428F052A8384F50D9EADDD5D83DC9E14ED4008D497524D02B6B7CF2B6", "B1E59CCCA8B3CF5EC7706FD13D0C0D0BAE04DA264E9776524A394476D0F03BEB", "B26820DB27A2FAA1ACA38AC50789692CF5EFEEBC3CBAF202DB49324399109A51", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B2EA72FDDD4D8A2F15AC84DB99F14A476043E3F4CF526D7513EBA6661486A9F6", "B36D4D104A4F6AABE76B2FD840B292FAFEABCFA232BB38EEB768F68D12E9D548", "B3B1FC23A4C930FEAD08C8387FB110B8D902C58E8F6676A8CC259F7902925086", "B443C6268C32A55B714975F403CE2E916F8F1924C5682DCFF02C21AFD815860C", "B51AF4C2C0B4B3FCF10EADEB599F02E1A09BD9B0824BDADA9AB8ABF497AA1858", "B61430FF02D2BBFFC51F443C00CA0AEE8270C012141BA15B5D5AABD29C436091", "B62A0DF1BA325616E310706F59A3DD07DD7DC7356D343963E6F99C6D89411ED3", "B646346CD0E40AB78D9B68A80759174B5332138B354289F2D1DD2721C376AA56", "B6C7D0DB936C21EECE1A9560C70EF49D0800F1A64433C748699C4824A7652A8B", "B6D98686FB4CE3794F12AA810C56116765161F3CB64E9212B301423AF70BBA48", "B6EC21304BF95409AB4EB95E27863DF7110BF33BFB9CDF52A9884156F088C326", "B7FFCDCF2A3B1687DAB018D6101FFF57827679D4F90EB041E7706E9CCDAE5E54", "B8C124EE4E419DE7F41A9CB0246E9FF21300C4C9A2734EF999830B9906B65133", "B8C4BDE78039C235DB5ABE09DBC6F1D98FBA33CF267BC6664D1BC3488188161A", "B99FB79D872511BA4AC9EFFAE77B4B64B5F836318D8264BACDC3891795B6FB88", "B9C405A782AE3AD9D4937192BF84735323EFCD8597991C828246547C7B9B4DEB", "BA385C300E1AB69708D8E5042F5220F275493E2AE45A5E3A1DD992DE1DAB492E", "BAFE1432B61D78F2B29438C3606D2D46643F4DA3DFC6DD0FB0C4962ECD44C150", "BB025EE04BCE10DD8391F132BBA8E92CDBAE87B356CB984FD2EFC8860F51DB08", "BD00500E86EC2E6B3D47BD9116740210CE8F45B9EBA8B9B4454BE43AD53B4770", "BE0125A0244A48C63EDE3EEB023192A76A967E2BE6D206ACCD9E28DFD20C9EF3", "BE0194B134671D819C4CC0ABBEBC743B8E371412FE58CF33F0AFDD857719F1C6", "BE49C929AC26CA534C88885015C71D1387E44CAF7486CA36876CB2168B74AD1A", "BF12DA2AF18CCA8454149FE005837D2ED10EB8EF182BCBFA0C87F518AB51DFC6", "C11BA9E14CD6800C4F5B26BAB241BCB07EF8006C97D429A46A56F40566B74CA8", "C1F769D030FC2C40F30870B89602B6E37C63D9738974975088F5749826F8EED3", "C3B567818F0068A4E76BF412FA5CD0354D004804480FA49A2095407B12E1C65E", "C41BB7D9468F79EBD4EB53FF3F0093C3D2B01040901E532E8D4FB142A0C3EBC4", "C4467BA3E5D72DC34C4794D5A8FA181453EC5DB5DE69C118BBD0C16B39DF12EF", "C52223906F93FF7810C7159D1EAE17B1876D5ECF7E7221F3C49C37B7064D079F", "C633E3F919C9BCD1EAFB625FB054DC01CA44ECB316E9D13E7A22A44BF1FFF391", "C691ED819A21CE925B4BA560ACDBCD0FAC5319D612EE9EC037B2DAD90A0C8D64", "CA3FBFB8EA3EF658E824E595E953CB7D32C79004F37EDF6F4561B92F38A2FF7F", "CAF8FA62D33B27B2B339B73B397B61030565E15C0A1D48E870DC42E60E535371", "CC3CA2E6A057BD0C432A1C280BCDA473EAA13F9A6EA2532C58C5E8FD129BF2B1", "CCB248CD804132A0475454F67CD950BE6EA465D4FF96EB241B668A2C8B3CE085", "CDD93933A317B04B50C248F3EB04FC47F3F9FD68CCF07F6CAD56D189A531A84D", "CE23BE06FB735B14AFC764CC434C366CF27EAA218807A2F6E9745A8751CF82C9", "CE7D5A1D0996FFAC3B1D8B653E0D11581F2B40F4522A074649FEF0017143DE02", "CFCC0798CDF713DF824D5A326207194D6B958FDE4555B27C773AACA218FEDFBF", "CFD6F0DEE30E7601DE062B0F8DDD0DD51BD5F4FB67D6217D64FA413B9035F54B", "D046A32D084D8623BD422557D27D805F02917530E2461D8F49BC8F077F6AAA97", "D069D767BFDDACAF36F8AD8149748B1FB801641BF7495317DD2896BA6B1D2E26", "D0934964E9B56702CBED525517F4EA576FF2F33A8BA6C800C34ECA9B7FE90236", "D119D49C63D565CF5FF1DB2A9639F03B8A262F13941341F6EE7F4F012125086C", "D11AB976F85F6CB2A151F18E4C7DCD45359DDB99578FE739D459AA7C71585CEB", "D1C70BE32DEEA561F5BD20121B6CE6B04522C3B0A34D7DF273B2AA52F0E58277", "D2C63E81E4FB9F7A9B43B8070EC66A64E58823742404A99C667D0ED525F22708", "D31BBFD6A0A5021EB4550D1A719864970BA2A6914CFB3A966A43FDBBFB5835C3", "D3EFB24CDB958FE8DFD2C179A4F15B7E9D09B5F83584D75E88ABFD281830DA37", "D6677B366CD35E1B4F6DF838B54EFE8571FBCE9D92919BBCBB56A5A34A788F1B", "D66B903250F05C7E6F628063E46BB788B758ACF5470BDBDCE9A7DDCF98ED3362", "D69CAB0B695FDB3F4A13D03095C9000050A31CA1EEA0F9ED3CBD01DC6FA43F1A", "D70A548302FB88FE5083E2401F2C5DC3606927918AE7411F5FC1565E2C72328B", "D783A7F4DFFB9905E79E357ACA80CE9623FFC55147AEC4BAF71DFFC0CC45C9F3", "D826889E230B2C8A4B6067347009A7AE2FAEEE02034203EDF1641E589243220E", "D976CAEED746DBFCD5B5D50BF9560BA40C34FB64BC3852FCE1CDE24C3076CD2E", "D9B56C946750B8570F9D55781894D17FA946F31D3A803E855055FC23A5BD99B1", "DA5137A5B1E0059082998B64DFAAB0227A2A4D56E5BF75AFFF92D7DA0425C77C", "DB6C123A0F3A67F1BE53A9B6F03B31A2420159F2C8C5AF9336DB3A3A489929D3", "DD0242BF5A2BD5E80173BDEE56C8A2B9368818D8BCCDB33834CD9E78CB29208B", "DD3DD96D8064D65093AA9C7A9CFD186B2731F20C9C4F12C15232298160BDD6CD", "DD5BF5116E5741EB672335643731F4B54ACDBD92F34C019A128C14DD0EF87E44", "DDB6BECDB2F6AD03325FC289A06D647AF83BD3A8B6A5886DB4466FD926B7E25D", "DE46BF6F090121E98D358952D04EFBEF93EFD7E32E719B8173227C3E5CB26E90", "DEAFA2DB54593AA80919E191E6F6089E8FC07DD6414224DF7420DF6F55DF4BC8", "DED899C681C4F01F658F5349E77058BDF8C51E88FADBC17AC63AAD856B4CADE5", "DFEB027D63B2C15191EC1FDE8836EE3B8F24CFA4B42FE77E7E1820B6BBD77AC9", "E05CC151FBA87195514CB65A3CB00BD8B2697F1C08602EC6A35EBF3E97CE31AB", "E0E1D996E2538457D3137D56EB0BB1D46D9CFEA24E8563C06C9EF1CA97CD1F62", "E0E5C09F1C81A5998CF1832EDD8EAA5173D7C79568EA17366F30E35B8FCA63B8", "E2F000BF37790E086A7F778E342A5A0A63D3A8E499DCA6B448852B580CEAA8A7", "E4AA5C802C4C37F77A1DB7FED935F8D3298813C891D2FF1F2BF04199798B3BCD", "E4DC9E8C28969F8B9231A83049A4883A1006D77B5AAE8BCF281A1020304FFA38", "E7B26F1EAEFB4260D24EE36CC6F4BF7A433546C3ED0AB3E0C2C3FEF44B61DA61", "E7E3551B3BD388636A37375B3F6439FA5E8D471B186B7E9F88305EC0A265E5D7", "E865AEC861081DF4FF67DBF0B04D3E134D71A5914681CD7C13E100D35E6CDBA7", "E89904BB9281CBDB4FA1990E992BBF131249B494EBF9C1772004B3EB231CE1D2", "E9C53D2F51964D4EC70C227FD230B86A74310670A3BF941241307D8597CA4222", "EA4EC09665CE0CC62EAB829E3E3A3D0A5FF4869F26F4D8553EED6F15898938AB", "EB4D77DF2606CC961A9837462FA9F768B43E2641736E483B9318E136D52C90D1", "ED19C9EEE989C86443534292F120054D8F03151A22BBC03291CFA757884F930F", "ED8F8307E017F0B5E99D75B0A0278941C71E34AEAB269BE8FE00779D7C4262C4", "EDC6276764C331FE5381EE2663A1BD78777530A7E872A848558618A96CEAAD79", "EE7C2886F57225FEC8741732FACCE555D2DD0CF394E26B96FEE008FD276BF30E", "F06557E676BEE33840ABDCBC8B63800AEF257D21E96813D19608264A0DF5ED04", "F06BBC3CB086DFDA16B6083DA14D1B75B05E5F193F8BBA949D2D15FDDEC0078F", "F0BEE71D1E1E1F410EAE7CBBF899A463124708682905DE5AB537B39047C97A14", "F10B278BFBFA868C361722B3DE18CDFFBEA415174A88751DEB4AB93FA4D5705C", "F15BA9EC0C1FC4624C7DDC90D046A7A3558B86CF13B121A8778B5BA8562491DC", "F250372D5595C2E15D93CBAE22D0B2B655E56278BC404D865AD0BE317EEA237F", "F26A74C5375F6738F3160B3D272645260FE04D2717F9F7B52673CFE0A8C201C7", "F26EE38CBA6B93A0B0967DD4DF0B628E7EDCBF41134B0358C7BD18C0EBEC7F60", "F43AC4AD74C202F4FEB76EA0BC3429642A773A92CA519668F55C67ABFA59AEB0", "F479B1D4D6CE6F94562BE83AEBC7D30E6633A6727AB24138B99039D7EB3AB70F", "F4C1874804BC7A7126D1D2CE605F6EAC82F153D354E3418EC7712281C348E103", "F64DA47FC3702B8685BBFAF6F11CB66B162143A42893C2917F13E1D839D0A9E6", "F6D169275CDBC93260CAB28BCACCE52310F1D5129F8B52B33E7852AB3C8C803E", "F78D5F289662ED551CA878678E4ED426A6D6A71CE5B9D9691EE25EF1BFF70520", "F8C01C7CBD793A60A9DBEF76E665F3DB16E14FFFF79B196E4674250E3791DDB2", "F976E6D48149579C30755509014967F1B6A7163FEAAB9453EBE9572696C3DDDD", "FA612F0F023D6918A8F9582D5AB6D4A1F189D6D644349320603EA1D26B88DF37", "FA79F50538FB95145EAF14A60D412AB63D152DFEB15679BE477BD522DE791ED6", "FBCC15D37DB82855A84E414F2F4C447C0F952B6B90CAC19600957DE4EB6A5158", "FC2BEDDC9B0A20E14CE30F6B90D14256565AADCC69A534CA0557D8F35594D108", "FF4840FA7F2317CBB6130A281376F7290C3227EB77D653FDB8C95433F1FE2137"]}, {"type": "kaspersky", "idList": ["KLA20148", "KLA20149"]}, {"type": "mageia", "idList": ["MGASA-2013-0199", "MGASA-2021-0314", "MGASA-2022-0323", "MGASA-2023-0138"]}, {"type": "nessus", "idList": ["AIX_IJ44987.NASL", "AIX_IJ44994.NASL", "AIX_IJ45221.NASL", "AIX_IJ45224.NASL", "AL2022_ALAS2022-2023-275.NASL", "AL2023_ALAS2023-2023-105.NASL", "AL2023_ALAS2023-2023-176.NASL", "AL2023_ALAS2023-2023-280.NASL", "AL2023_ALAS2023-2023-375.NASL", "AL2_ALAS-2023-1916.NASL", "AL2_ALAS-2023-1946.NASL", "AL2_ALAS-2023-1966.NASL", "AL2_ALAS-2023-2007.NASL", "AL2_ALASTOMCAT8_5-2023-013.NASL", "AL2_ALASTOMCAT9-2023-008.NASL", "ALA_ALAS-2013-169.NASL", "ALA_ALAS-2014-410.NASL", "ALA_ALAS-2023-1668.NASL", "ALA_ALAS-2023-1695.NASL", "ALMA_LINUX_ALSA-2022-1860.NASL", "ALMA_LINUX_ALSA-2022-1861.NASL", "ALMA_LINUX_ALSA-2023-0005.NASL", "ALMA_LINUX_ALSA-2023-2378.NASL", "ALMA_LINUX_ALSA-2023-2867.NASL", "APACHE_SHIRO_CVE-2023-22602.NASL", "CENTOS8_RHSA-2022-1860.NASL", "CENTOS8_RHSA-2022-1861.NASL", "CENTOS8_RHSA-2023-2867.NASL", "CENTOS_RHSA-2013-0270.NASL", "CENTOS_RHSA-2022-8958.NASL", "CONFLUENCE_CONFSERVER-93173.NASL", "CONFLUENCE_CONFSERVER-93175.NASL", "DEBIAN_DLA-222.NASL", "DEBIAN_DLA-2405.NASL", "DEBIAN_DLA-3169.NASL", "DEBIAN_DLA-3218.NASL", "DEBIAN_DLA-3267.NASL", "DEBIAN_DLA-3268.NASL", "DEBIAN_DLA-3295.NASL", "DEBIAN_DLA-3373.NASL", "DEBIAN_DLA-3514.NASL", "DEBIAN_DLA-3619.NASL", "DEBIAN_DSA-4772.NASL", "DEBIAN_DSA-5264.NASL", "DEBIAN_DSA-5315.NASL", "DEBIAN_DSA-5316.NASL", "DEBIAN_DSA-5381.NASL", "EULEROS_SA-2023-1307.NASL", "EULEROS_SA-2023-2137.NASL", "FEDORA_2013-1189.NASL", "FEDORA_2013-1203.NASL", "FEDORA_2013-1289.NASL", "FEDORA_2014-9539.NASL", "FEDORA_2014-9581.NASL", "FEDORA_2022-0E358ADDB8.NASL", "FEDORA_2022-8A4E8AA190.NASL", "FEDORA_2022-F60A52E054.NASL", "FEDORA_2023-27EC59A486.NASL", "FEDORA_2023-3256575FC8.NASL", "FREEBSD_PKG_20006B5FA0BC11EB8AE6FC4DD43E2B6A.NASL", "FREEBSD_PKG_9D9E9439959E11EDB464B42E991FC52E.NASL", "GENTOO_GLSA-202305-37.NASL", "IBM_COGNOS_6986505.NASL", "IBM_COGNOS_7012621.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_33.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_34.NASL", "NESSUS_TNS-2022-20.NASL", "NNM_6_2_0.NASL", "NUTANIX_NXSA-AOS-6_6_0_5.NASL", "NUTANIX_NXSA-AOS-6_6_2.NASL", "OPENSUSE-2013-161.NASL", "OPENSUSE-2013-304.NASL", "OPENSUSE-2013-305.NASL", "ORACLELINUX_ELSA-2013-0270.NASL", "ORACLELINUX_ELSA-2022-1860.NASL", "ORACLELINUX_ELSA-2022-1861.NASL", "ORACLELINUX_ELSA-2022-8958.NASL", "ORACLELINUX_ELSA-2023-0005.NASL", "ORACLELINUX_ELSA-2023-2378.NASL", "ORACLELINUX_ELSA-2023-2867.NASL", "ORACLE_BI_PUBLISHER_CPU_JUL_2023.NASL", "ORACLE_BPM_CPU_APR_2023.NASL", "ORACLE_COHERENCE_CPU_APR_2023.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_CPU_APR_2023.NASL", "ORACLE_ESSBASE_CPU_APR_2023.NASL", "ORACLE_IDENTITY_MANAGEMENT_CPU_JUL_2023.NASL", "ORACLE_NOSQL_CPU_APR_2021.NASL", "ORACLE_OBIEE_CPU_JUL_2023_OAS.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JUL_2023.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2021.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JUL_2023.NASL", "ORACLE_RDBMS_CPU_APR_2023.NASL", "ORACLE_RDBMS_CPU_JUL_2021.NASL", "ORACLE_RDBMS_CPU_JUL_2023.NASL", "ORACLE_RDBMS_CPU_OCT_2022.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_APR_2023.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_OCT_2023.NASL", "ORACLE_WEBCENTER_SITES_CPU_JUL_2023.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JAN_2022.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2023.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_OCT_2023.NASL", "PHOTONOS_PHSA-2020-3_0-0141_COMMONS.NASL", "POSTGRES_JDBC_CVE-2022-41946.NASL", "REDHAT-RHSA-2013-0270.NASL", "REDHAT-RHSA-2013-0680.NASL", "REDHAT-RHSA-2014-0224.NASL", "REDHAT-RHSA-2014-1162.NASL", "REDHAT-RHSA-2014-1320.NASL", "REDHAT-RHSA-2014-1321.NASL", "REDHAT-RHSA-2021-0246.NASL", "REDHAT-RHSA-2021-0247.NASL", "REDHAT-RHSA-2021-0248.NASL", "REDHAT-RHSA-2022-0722.NASL", "REDHAT-RHSA-2022-1860.NASL", "REDHAT-RHSA-2022-1861.NASL", "REDHAT-RHSA-2022-4918.NASL", "REDHAT-RHSA-2022-4919.NASL", "REDHAT-RHSA-2022-6272.NASL", "REDHAT-RHSA-2022-6277.NASL", "REDHAT-RHSA-2022-8958.NASL", "REDHAT-RHSA-2022-8959.NASL", "REDHAT-RHSA-2023-0004.NASL", "REDHAT-RHSA-2023-0005.NASL", "REDHAT-RHSA-2023-0076.NASL", "REDHAT-RHSA-2023-0163.NASL", "REDHAT-RHSA-2023-0552.NASL", "REDHAT-RHSA-2023-0553.NASL", "REDHAT-RHSA-2023-0554.NASL", "REDHAT-RHSA-2023-1043.NASL", "REDHAT-RHSA-2023-1044.NASL", "REDHAT-RHSA-2023-1045.NASL", "REDHAT-RHSA-2023-1185.NASL", "REDHAT-RHSA-2023-1512.NASL", "REDHAT-RHSA-2023-1513.NASL", "REDHAT-RHSA-2023-1514.NASL", "REDHAT-RHSA-2023-1663.NASL", "REDHAT-RHSA-2023-2378.NASL", "REDHAT-RHSA-2023-2705.NASL", "REDHAT-RHSA-2023-2706.NASL", "REDHAT-RHSA-2023-2707.NASL", "REDHAT-RHSA-2023-2867.NASL", "REDHAT-RHSA-2023-3771.NASL", "REDHAT-RHSA-2023-3883.NASL", "REDHAT-RHSA-2023-3884.NASL", "REDHAT-RHSA-2023-3885.NASL", "REDHAT-RHSA-2023-5484.NASL", "REDHAT-RHSA-2023-5485.NASL", "REDHAT-RHSA-2023-5486.NASL", "REDHAT-RHSA-2023-7482.NASL", "REDHAT-RHSA-2023-7483.NASL", "REDHAT-RHSA-2023-7484.NASL", "ROCKY_LINUX_RLSA-2022-1860.NASL", "ROCKY_LINUX_RLSA-2022-1861.NASL", "ROCKY_LINUX_RLSA-2023-0005.NASL", "ROCKY_LINUX_RLSA-2023-2097.NASL", "SL_20130219_JAKARTA_COMMONS_HTTPCLIENT_ON_SL5_X.NASL", "SL_20221213_BCEL_ON_SL7_X.NASL", "SPRING_CVE-2023-20860.NASL", "SPRING_CVE-2023-20861.NASL", "SPRING_SECURITY_CVE-2022-31692.NASL", "SUSE_11_JAKARTA-COMMONS-HTTPCLIENT3-130328.NASL", "SUSE_SU-2022-4306-1.NASL", "SUSE_SU-2022-4331-1.NASL", "SUSE_SU-2023-0103-1.NASL", "SUSE_SU-2023-0104-1.NASL", "SUSE_SU-2023-0451-1.NASL", "SUSE_SU-2023-1673-1.NASL", "SUSE_SU-2023-1853-1.NASL", "SUSE_SU-2023-2096-1.NASL", "SUSE_SU-2023-2096-2.NASL", "SUSE_SU-2023-2843-1.NASL", "TOMCAT_10_1_2.NASL", "TOMCAT_8_5_84.NASL", "TOMCAT_9_0_69.NASL", "UBUNTU_USN-2769-1.NASL", "UBUNTU_USN-5239-1.NASL", "UBUNTU_USN-5559-1.NASL", "UBUNTU_USN-5946-1.NASL", "UBUNTU_USN-6011-1.NASL", "UBUNTU_USN-6049-1.NASL", "UBUNTU_USN-6117-1.NASL", "WEBSPHERE_6453091.NASL", "WEBSPHERE_711867.NASL", "ZIMBRA_8_8_15_P40.NASL", "ZIMBRA_9_0_0_P33.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120079", "OPENVAS:1361412562310120384", "OPENVAS:1361412562310123724", "OPENVAS:1361412562310842488", "OPENVAS:1361412562310865277", "OPENVAS:1361412562310865280", "OPENVAS:1361412562310865298", "OPENVAS:1361412562310868129", "OPENVAS:1361412562310868132", "OPENVAS:1361412562310870917", "OPENVAS:1361412562310881604", "OPENVAS:865277", "OPENVAS:865280", "OPENVAS:865298", "OPENVAS:870917", "OPENVAS:881604"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021", "ORACLE:CPUAPR2022", "ORACLE:CPUAPR2023", "ORACLE:CPUJAN2022", "ORACLE:CPUJAN2023", "ORACLE:CPUJUL2021", "ORACLE:CPUJUL2023", "ORACLE:CPUOCT2021", "ORACLE:CPUOCT2022", "ORACLE:CPUOCT2023"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0270", "ELSA-2022-1860", "ELSA-2022-1861", "ELSA-2022-8958", "ELSA-2023-0005", "ELSA-2023-2378", "ELSA-2023-2867"]}, {"type": "osv", "idList": ["OSV:DLA-222-1", "OSV:DLA-2405-1", "OSV:DLA-3295-1", "OSV:DLA-3373-1", "OSV:DLA-3514-1", "OSV:DLA-3619-1", "OSV:DSA-4772-1", "OSV:DSA-5264-1", "OSV:DSA-5315-1", "OSV:DSA-5316-1", "OSV:DSA-5381-1", "OSV:GHSA-2X83-R56G-CV47", "OSV:GHSA-3832-9276-X7GF", "OSV:GHSA-3W37-5P3P-JV92", "OSV:GHSA-493P-PFQ6-5258", "OSV:GHSA-53JM-3HC9-FQQC", "OSV:GHSA-562R-VG33-8X8H", "OSV:GHSA-564R-HJ7V-MCR5", "OSV:GHSA-5X5Q-8CGM-2HJQ", "OSV:GHSA-7CXR-H8WM-FG4C", "OSV:GHSA-7PHW-CXX7-Q9VQ", "OSV:GHSA-7R82-7XV7-XCPJ", "OSV:GHSA-7V28-G2PQ-GGG8", "OSV:GHSA-8HFJ-J24R-96C4", "OSV:GHSA-97XG-PHPR-RG8Q", "OSV:GHSA-C5HG-MR8R-F6JP", "OSV:GHSA-C5XV-QC8P-MH2V", "OSV:GHSA-FX2C-96VJ-985V", "OSV:GHSA-H4QG-P7R2-CPG3", "OSV:GHSA-HR8G-6V94-X4M9", "OSV:GHSA-HWVM-VFW8-93MW", "OSV:GHSA-J563-GRX4-PJPV", "OSV:GHSA-M4MM-PG93-FV78", "OSV:GHSA-MMMH-WCXM-2WR4", "OSV:GHSA-PFCC-3G6R-8RG8", "OSV:GHSA-R29W-R9PH-VM76", "OSV:GHSA-R7QP-CFHV-P84W", "OSV:GHSA-RQ2W-37H9-VG94", "OSV:GHSA-RWQR-M72Q-V6CM", "OSV:GHSA-W37G-RHQ8-7M4J", "OSV:GHSA-X3X3-QWJQ-8GJ4", "OSV:GHSA-XF96-W227-R7C4"]}, {"type": "photon", "idList": ["PHSA-2020-0141", "PHSA-2020-3.0-0141", "PHSA-2023-3.0-0518", "PHSA-2023-4.0-0314"]}, {"type": "prion", "idList": ["PRION:CVE-2012-5783", "PRION:CVE-2012-6153", "PRION:CVE-2020-13956", "PRION:CVE-2022-24785", "PRION:CVE-2022-31692", "PRION:CVE-2022-36437", "PRION:CVE-2022-38398", "PRION:CVE-2022-38648", "PRION:CVE-2022-40146", "PRION:CVE-2022-41704", "PRION:CVE-2022-41854", "PRION:CVE-2022-41881", "PRION:CVE-2022-41940", "PRION:CVE-2022-41946", "PRION:CVE-2022-41966", "PRION:CVE-2022-42890", "PRION:CVE-2022-42920", "PRION:CVE-2022-4492", "PRION:CVE-2022-45143", "PRION:CVE-2022-46363", "PRION:CVE-2022-46364", "PRION:CVE-2023-1108", "PRION:CVE-2023-1370", "PRION:CVE-2023-20860", "PRION:CVE-2023-20861", "PRION:CVE-2023-20883", "PRION:CVE-2023-22602", "PRION:CVE-2023-33201", "PRION:CVE-2023-33251"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5D616AEDEB1ED38936203BA7E14FD9FC", "QUALYSBLOG:D140886B3C4505719904327B06F12032", "QUALYSBLOG:D1FC7658A8AB3554F3796CEE14DA3320", "QUALYSBLOG:D99AE1031C2A68C1DE4B1CA75299C33D"]}, {"type": "redhat", "idList": ["RHSA-2013:0270", "RHSA-2013:0679", "RHSA-2013:0680", "RHSA-2013:0682", "RHSA-2013:1006", "RHSA-2013:1853", "RHSA-2014:0224", "RHSA-2014:1162", "RHSA-2014:1320", "RHSA-2014:1321", "RHSA-2014:1904", "RHSA-2015:0234", "RHSA-2015:0235", "RHSA-2015:0675", "RHSA-2015:0720", "RHSA-2015:0765", "RHSA-2015:0850", "RHSA-2015:0851", "RHSA-2017:0868", "RHSA-2021:0084", "RHSA-2021:0246", "RHSA-2021:0247", "RHSA-2021:0248", "RHSA-2021:0250", "RHSA-2021:0327", "RHSA-2021:0603", "RHSA-2021:0811", "RHSA-2021:1044", "RHSA-2021:3140", "RHSA-2021:3700", "RHSA-2021:4100", "RHSA-2022:0722", "RHSA-2022:1681", "RHSA-2022:1715", "RHSA-2022:1860", "RHSA-2022:1861", "RHSA-2022:4918", "RHSA-2022:4919", "RHSA-2022:4922", "RHSA-2022:4956", "RHSA-2022:5006", "RHSA-2022:5201", "RHSA-2022:5392", "RHSA-2022:6156", "RHSA-2022:6272", "RHSA-2022:6277", "RHSA-2022:6813", "RHSA-2022:7055", "RHSA-2022:8652", "RHSA-2022:8958", "RHSA-2022:8959", "RHSA-2023:0004", "RHSA-2023:0005", "RHSA-2023:0076", "RHSA-2023:0163", "RHSA-2023:0164", "RHSA-2023:0470", "RHSA-2023:0471", "RHSA-2023:0483", "RHSA-2023:0544", "RHSA-2023:0552", "RHSA-2023:0553", "RHSA-2023:0554", "RHSA-2023:0556", "RHSA-2023:0577", "RHSA-2023:0661", "RHSA-2023:0713", "RHSA-2023:0758", "RHSA-2023:0759", "RHSA-2023:0888", "RHSA-2023:0934", "RHSA-2023:1006", "RHSA-2023:1043", "RHSA-2023:1044", "RHSA-2023:1045", "RHSA-2023:1047", "RHSA-2023:1049", "RHSA-2023:1177", "RHSA-2023:1184", "RHSA-2023:1185", "RHSA-2023:1285", "RHSA-2023:1286", "RHSA-2023:1512", "RHSA-2023:1513", "RHSA-2023:1514", "RHSA-2023:1516", "RHSA-2023:1630", "RHSA-2023:1655", "RHSA-2023:1656", "RHSA-2023:1663", "RHSA-2023:1664", "RHSA-2023:1815", "RHSA-2023:2041", "RHSA-2023:2097", "RHSA-2023:2099", "RHSA-2023:2100", "RHSA-2023:2135", "RHSA-2023:2378", "RHSA-2023:2705", "RHSA-2023:2706", "RHSA-2023:2707", "RHSA-2023:2710", "RHSA-2023:2713", "RHSA-2023:2867", "RHSA-2023:3179", "RHSA-2023:3185", "RHSA-2023:3193", "RHSA-2023:3223", "RHSA-2023:3296", "RHSA-2023:3362", "RHSA-2023:3373", "RHSA-2023:3374", "RHSA-2023:3610", "RHSA-2023:3622", "RHSA-2023:3625", "RHSA-2023:3641", "RHSA-2023:3642", "RHSA-2023:3663", "RHSA-2023:3740", "RHSA-2023:3771", "RHSA-2023:3813", "RHSA-2023:3883", "RHSA-2023:3884", "RHSA-2023:3885", "RHSA-2023:3888", "RHSA-2023:3892", "RHSA-2023:3906", "RHSA-2023:3915", "RHSA-2023:4200", "RHSA-2023:4612", "RHSA-2023:4627", "RHSA-2023:4983", "RHSA-2023:5147", "RHSA-2023:5165", "RHSA-2023:5484", "RHSA-2023:5485", "RHSA-2023:5486", "RHSA-2023:5488", "RHSA-2023:7486", "RHSA-2023:7488"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-13956", "RH:CVE-2022-24785", "RH:CVE-2022-31692", "RH:CVE-2022-36437", "RH:CVE-2022-38398", "RH:CVE-2022-38648", "RH:CVE-2022-40146", "RH:CVE-2022-41704", "RH:CVE-2022-41854", "RH:CVE-2022-41881", "RH:CVE-2022-41940", "RH:CVE-2022-41946", "RH:CVE-2022-41966", "RH:CVE-2022-42890", "RH:CVE-2022-42920", "RH:CVE-2022-4492", "RH:CVE-2022-45143", "RH:CVE-2022-46363", "RH:CVE-2022-46364", "RH:CVE-2023-1108", "RH:CVE-2023-1370", "RH:CVE-2023-20860", "RH:CVE-2023-20861", "RH:CVE-2023-20883", "RH:CVE-2023-22602", "RH:CVE-2023-33201"]}, {"type": "redos", "idList": ["ROS-20221103-03"]}, {"type": "rocky", "idList": ["RLSA-2022:1860", "RLSA-2022:1861", "RLSA-2023:0005", "RLSA-2023:2097"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2023-2239"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32573"]}, {"type": "spring", "idList": ["SPRING:2842950759A02EEBD758A734688E6007", "SPRING:56CCA2EFA4ADA8FA75D655BD9BBB732C", "SPRING:FF63FD0D49DBB2A3845A2CE00DB969A4"]}, {"type": "tomcat", "idList": ["TOMCAT:3077CDFB142222B6620BB22B7D921370", "TOMCAT:3EFB0E2EA0199A464EF667E340D1BA91", "TOMCAT:4066E0D070FE03B4542E1F4DC57DDD66"]}, {"type": "ubuntu", "idList": ["USN-2769-1", "USN-5239-1", "USN-5559-1", "USN-5946-1", "USN-6011-1", "USN-6049-1", "USN-6117-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-5783", "UB:CVE-2012-6153", "UB:CVE-2020-13956", "UB:CVE-2022-24785", "UB:CVE-2022-31692", "UB:CVE-2022-38398", "UB:CVE-2022-38648", "UB:CVE-2022-40146", "UB:CVE-2022-41704", "UB:CVE-2022-41854", "UB:CVE-2022-41881", "UB:CVE-2022-41946", "UB:CVE-2022-41966", "UB:CVE-2022-42890", "UB:CVE-2022-42920", "UB:CVE-2022-4492", "UB:CVE-2022-45143", "UB:CVE-2023-1108", "UB:CVE-2023-1370", "UB:CVE-2023-20860", "UB:CVE-2023-20861", "UB:CVE-2023-22602", "UB:CVE-2023-33201"]}, {"type": "veracode", "idList": ["VERACODE:11070", "VERACODE:11290", "VERACODE:27558", "VERACODE:34968", "VERACODE:37274", "VERACODE:37275", "VERACODE:37277", "VERACODE:37690", "VERACODE:37691", "VERACODE:37815", "VERACODE:37840", "VERACODE:38078", "VERACODE:38184", "VERACODE:38225", "VERACODE:38439", "VERACODE:38461", "VERACODE:38463", "VERACODE:38676", "VERACODE:38806", "VERACODE:38823", "VERACODE:39923", "VERACODE:39936", "VERACODE:39962", "VERACODE:39984", "VERACODE:40739", "VERACODE:41123", "VERACODE:43824", "VERACODE:44211"]}, {"type": "zdi", "idList": ["ZDI-22-1327", "ZDI-22-1328"]}]}, "score": {"value": 8.7, "vector": "NONE"}, "vulnersScore": 8.7}, "_state": {"dependencies": 1701891669, "score": 1701892772}, "_internal": {"score_hash": "a5f94c4e6763dfc98b4740a0f4554896"}, "affectedPackage": [], "vendorCvss": {"severity": "critical"}}

{"amazon": [{"lastseen": "2023-12-06T18:29:14", "description": "**Issue Overview:**\n\nApache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\nA vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. (CVE-2022-41704)\n\nA vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. (CVE-2022-42890)\n\n \n**Affected Packages:** \n\n\nbatik\n\n \n**Note:**\n\nThis advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this [FAQ section](<../../faqs.html#clarify-al2-advisories>) for the difference between AL2 Core and AL2 Extras advisories. \n\n \n**Issue Correction:** \nRun _yum update batik_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 batik-1.8-0.12.svn1230816.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 batik-squiggle-1.8-0.12.svn1230816.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 batik-svgpp-1.8-0.12.svn1230816.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 batik-ttf2svg-1.8-0.12.svn1230816.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 batik-rasterizer-1.8-0.12.svn1230816.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 batik-slideshow-1.8-0.12.svn1230816.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 batik-javadoc-1.8-0.12.svn1230816.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 batik-demo-1.8-0.12.svn1230816.amzn2.0.1.noarch \n \n src: \n \u00a0\u00a0\u00a0 batik-1.8-0.12.svn1230816.amzn2.0.1.src \n \n \n\n### Additional References\n\nRed Hat: [CVE-2020-11987](<https://access.redhat.com/security/cve/CVE-2020-11987>), [CVE-2022-38398](<https://access.redhat.com/security/cve/CVE-2022-38398>), [CVE-2022-38648](<https://access.redhat.com/security/cve/CVE-2022-38648>), [CVE-2022-40146](<https://access.redhat.com/security/cve/CVE-2022-40146>), [CVE-2022-41704](<https://access.redhat.com/security/cve/CVE-2022-41704>), [CVE-2022-42890](<https://access.redhat.com/security/cve/CVE-2022-42890>)\n\nMitre: [CVE-2020-11987](<https://vulners.com/cve/CVE-2020-11987>), [CVE-2022-38398](<https://vulners.com/cve/CVE-2022-38398>), [CVE-2022-38648](<https://vulners.com/cve/CVE-2022-38648>), [CVE-2022-40146](<https://vulners.com/cve/CVE-2022-40146>), [CVE-2022-41704](<https://vulners.com/cve/CVE-2022-41704>), [CVE-2022-42890](<https://vulners.com/cve/CVE-2022-42890>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2023-03-02T21:49:00", "type": "amazon", "title": "Important: batik", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11987", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-41704", "CVE-2022-42890"], "modified": "2023-03-07T00:19:00", "id": "ALAS2-2023-1966", "href": "https://alas.aws.amazon.com/AL2/ALAS-2023-1966.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-06T17:37:37", "description": "**Issue Overview:**\n\nApache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\nA vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. (CVE-2022-41704)\n\nA vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. (CVE-2022-42890)\n\n \n**Affected Packages:** \n\n\nbatik\n\n \n**Issue Correction:** \nRun _yum update batik_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 batik-squiggle-1.7-10.10.amzn1.i686 \n \u00a0\u00a0\u00a0 batik-rasterizer-1.7-10.10.amzn1.i686 \n \u00a0\u00a0\u00a0 batik-slideshow-1.7-10.10.amzn1.i686 \n \u00a0\u00a0\u00a0 batik-svgpp-1.7-10.10.amzn1.i686 \n \u00a0\u00a0\u00a0 batik-ttf2svg-1.7-10.10.amzn1.i686 \n \u00a0\u00a0\u00a0 batik-demo-1.7-10.10.amzn1.i686 \n \u00a0\u00a0\u00a0 batik-1.7-10.10.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 batik-javadoc-1.7-10.10.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 batik-1.7-10.10.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 batik-demo-1.7-10.10.amzn1.x86_64 \n \u00a0\u00a0\u00a0 batik-squiggle-1.7-10.10.amzn1.x86_64 \n \u00a0\u00a0\u00a0 batik-rasterizer-1.7-10.10.amzn1.x86_64 \n \u00a0\u00a0\u00a0 batik-svgpp-1.7-10.10.amzn1.x86_64 \n \u00a0\u00a0\u00a0 batik-ttf2svg-1.7-10.10.amzn1.x86_64 \n \u00a0\u00a0\u00a0 batik-slideshow-1.7-10.10.amzn1.x86_64 \n \u00a0\u00a0\u00a0 batik-1.7-10.10.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2020-11987](<https://access.redhat.com/security/cve/CVE-2020-11987>), [CVE-2022-38398](<https://access.redhat.com/security/cve/CVE-2022-38398>), [CVE-2022-38648](<https://access.redhat.com/security/cve/CVE-2022-38648>), [CVE-2022-40146](<https://access.redhat.com/security/cve/CVE-2022-40146>), [CVE-2022-41704](<https://access.redhat.com/security/cve/CVE-2022-41704>), [CVE-2022-42890](<https://access.redhat.com/security/cve/CVE-2022-42890>)\n\nMitre: [CVE-2020-11987](<https://vulners.com/cve/CVE-2020-11987>), [CVE-2022-38398](<https://vulners.com/cve/CVE-2022-38398>), [CVE-2022-38648](<https://vulners.com/cve/CVE-2022-38648>), [CVE-2022-40146](<https://vulners.com/cve/CVE-2022-40146>), [CVE-2022-41704](<https://vulners.com/cve/CVE-2022-41704>), [CVE-2022-42890](<https://vulners.com/cve/CVE-2022-42890>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2023-03-02T20:21:00", "type": "amazon", "title": "Important: batik", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11987", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-41704", "CVE-2022-42890"], "modified": "2023-03-07T01:56:00", "id": "ALAS-2023-1695", "href": "https://alas.aws.amazon.com/ALAS-2023-1695.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-06T18:28:11", "description": "**Issue Overview:**\n\nXStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable. (CVE-2022-41966)\n\n \n**Affected Packages:** \n\n\nxstream\n\n \n**Note:**\n\nThis advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this [FAQ section](<../../faqs.html#clarify-al2-advisories>) for the difference between AL2 Core and AL2 Extras advisories. \n\n \n**Issue Correction:** \nRun _yum update xstream_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 xstream-1.3.1-16.amzn2.0.1.noarch \n \u00a0\u00a0\u00a0 xstream-javadoc-1.3.1-16.amzn2.0.1.noarch \n \n src: \n \u00a0\u00a0\u00a0 xstream-1.3.1-16.amzn2.0.1.src \n \n \n\n### Additional References\n\nRed Hat: [CVE-2022-41966](<https://access.redhat.com/security/cve/CVE-2022-41966>)\n\nMitre: [CVE-2022-41966](<https://vulners.com/cve/CVE-2022-41966>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-30T18:56:00", "type": "amazon", "title": "Important: xstream", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41966"], "modified": "2023-04-04T22:10:00", "id": "ALAS2-2023-2007", "href": "https://alas.aws.amazon.com/AL2/ALAS-2023-2007.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-08-31T18:30:37", "description": "The version of batik installed on the remote host is prior to 1.8-0.12.svn1230816. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1966 advisory.\n\n - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.\n This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.\n (CVE-2022-41704)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. (CVE-2022-42890)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-07T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : batik (ALAS-2023-1966)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11987", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-41704", "CVE-2022-42890"], "modified": "2023-08-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:batik", "p-cpe:/a:amazon:linux:batik-demo", "p-cpe:/a:amazon:linux:batik-javadoc", "p-cpe:/a:amazon:linux:batik-rasterizer", "p-cpe:/a:amazon:linux:batik-slideshow", "p-cpe:/a:amazon:linux:batik-squiggle", "p-cpe:/a:amazon:linux:batik-svgpp", "p-cpe:/a:amazon:linux:batik-ttf2svg", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2023-1966.NASL", "href": "https://www.tenable.com/plugins/nessus/172170", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2023-1966.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172170);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/31\");\n\n script_cve_id(\n \"CVE-2020-11987\",\n \"CVE-2022-38398\",\n \"CVE-2022-38648\",\n \"CVE-2022-40146\",\n \"CVE-2022-41704\",\n \"CVE-2022-42890\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Amazon Linux 2 : batik (ALAS-2023-1966)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of batik installed on the remote host is prior to 1.8-0.12.svn1230816. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2023-1966 advisory.\n\n - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the\n NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to\n cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.\n This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.\n (CVE-2022-41704)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via\n JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to\n version 1.16. (CVE-2022-42890)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2023-1966.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/../../faqs.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-11987.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-38398.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-38648.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-40146.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-41704.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-42890.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update batik' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11987\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-rasterizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-slideshow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-squiggle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-svgpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-ttf2svg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'batik-1.8-0.12.svn1230816.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-demo-1.8-0.12.svn1230816.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-javadoc-1.8-0.12.svn1230816.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-rasterizer-1.8-0.12.svn1230816.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-slideshow-1.8-0.12.svn1230816.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-squiggle-1.8-0.12.svn1230816.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-svgpp-1.8-0.12.svn1230816.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-ttf2svg-1.8-0.12.svn1230816.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"batik / batik-demo / batik-javadoc / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-31T17:29:48", "description": "The version of batik installed on the remote host is prior to 1.7-10.10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1695 advisory.\n\n - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.\n This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.\n (CVE-2022-41704)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. (CVE-2022-42890)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-07T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : batik (ALAS-2023-1695)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11987", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-41704", "CVE-2022-42890"], "modified": "2023-08-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:batik", "p-cpe:/a:amazon:linux:batik-demo", "p-cpe:/a:amazon:linux:batik-javadoc", "p-cpe:/a:amazon:linux:batik-rasterizer", "p-cpe:/a:amazon:linux:batik-slideshow", "p-cpe:/a:amazon:linux:batik-squiggle", "p-cpe:/a:amazon:linux:batik-svgpp", "p-cpe:/a:amazon:linux:batik-ttf2svg", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2023-1695.NASL", "href": "https://www.tenable.com/plugins/nessus/172184", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2023-1695.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172184);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/31\");\n\n script_cve_id(\n \"CVE-2020-11987\",\n \"CVE-2022-38398\",\n \"CVE-2022-38648\",\n \"CVE-2022-40146\",\n \"CVE-2022-41704\",\n \"CVE-2022-42890\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Amazon Linux AMI : batik (ALAS-2023-1695)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of batik installed on the remote host is prior to 1.7-10.10. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2023-1695 advisory.\n\n - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the\n NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to\n cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.\n This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.\n (CVE-2022-41704)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via\n JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to\n version 1.16. (CVE-2022-42890)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2023-1695.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/../../faqs.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-11987.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-38398.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-38648.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-40146.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-41704.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-42890.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update batik' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11987\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-rasterizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-slideshow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-squiggle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-svgpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:batik-ttf2svg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'batik-1.7-10.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-1.7-10.10.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-demo-1.7-10.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-demo-1.7-10.10.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-javadoc-1.7-10.10.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-rasterizer-1.7-10.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-rasterizer-1.7-10.10.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-slideshow-1.7-10.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-slideshow-1.7-10.10.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-squiggle-1.7-10.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-squiggle-1.7-10.10.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-svgpp-1.7-10.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-svgpp-1.7-10.10.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-ttf2svg-1.7-10.10.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'batik-ttf2svg-1.7-10.10.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"batik / batik-demo / batik-javadoc / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-17T10:53:02", "description": "The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6117-1 advisory.\n\n - Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the xlink:href attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2019-17566)\n\n - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.\n This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.\n (CVE-2022-41704)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. (CVE-2022-42890)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Batik vulnerabilities (USN-6117-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17566", "CVE-2020-11987", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-41704", "CVE-2022-42890"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libbatik-java"], "id": "UBUNTU_USN-6117-1.NASL", "href": "https://www.tenable.com/plugins/nessus/176489", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-6117-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(176489);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2019-17566\",\n \"CVE-2020-11987\",\n \"CVE-2022-38398\",\n \"CVE-2022-38648\",\n \"CVE-2022-40146\",\n \"CVE-2022-41704\",\n \"CVE-2022-42890\"\n );\n script_xref(name:\"USN\", value:\"6117-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n\n script_name(english:\"Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Batik vulnerabilities (USN-6117-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by\nmultiple vulnerabilities as referenced in the USN-6117-1 advisory.\n\n - Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the\n xlink:href attributes. By using a specially-crafted argument, an attacker could exploit this\n vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2019-17566)\n\n - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the\n NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to\n cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.\n This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.\n (CVE-2022-41704)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via\n JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to\n version 1.16. (CVE-2022-42890)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-6117-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libbatik-java package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11987\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libbatik-java\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release || '22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'libbatik-java', 'pkgver': '1.8-3ubuntu1+esm1'},\n {'osver': '18.04', 'pkgname': 'libbatik-java', 'pkgver': '1.10-2~18.04.1'},\n {'osver': '20.04', 'pkgname': 'libbatik-java', 'pkgver': '1.12-1ubuntu0.1'},\n {'osver': '22.04', 'pkgname': 'libbatik-java', 'pkgver': '1.14-1ubuntu0.2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libbatik-java');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:37:09", "description": "The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5264 advisory.\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.\n This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.\n (CVE-2022-41704)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. (CVE-2022-42890)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-30T00:00:00", "type": "nessus", "title": "Debian DSA-5264-1 : batik - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41704", "CVE-2022-42890"], "modified": "2022-11-28T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libbatik-java", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5264.NASL", "href": "https://www.tenable.com/plugins/nessus/166705", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5264. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166705);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/28\");\n\n script_cve_id(\"CVE-2022-41704\", \"CVE-2022-42890\");\n\n script_name(english:\"Debian DSA-5264-1 : batik - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the\ndsa-5264 advisory.\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.\n This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.\n (CVE-2022-41704)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via\n JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to\n version 1.16. (CVE-2022-42890)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/batik\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-41704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-42890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/batik\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the batik packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 1.12-4+deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42890\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbatik-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'libbatik-java', 'reference': '1.12-4+deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libbatik-java');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-23T05:26:04", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3771 advisory.\n\n - Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using ** as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. (CVE-2023-20860)\n\n - In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. (CVE-2023-20861)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-06-22T00:00:00", "type": "nessus", "title": "RHEL 8 : Red Hat Virtualization (RHSA-2023:3771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-20860", "CVE-2023-20861"], "modified": "2023-06-22T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:ovirt-dependencies"], "id": "REDHAT-RHSA-2023-3771.NASL", "href": "https://www.tenable.com/plugins/nessus/177528", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2023:3771. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(177528);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/06/22\");\n\n script_cve_id(\"CVE-2023-20860\", \"CVE-2023-20861\");\n script_xref(name:\"RHSA\", value:\"2023:3771\");\n\n script_name(english:\"RHEL 8 : Red Hat Virtualization (RHSA-2023:3771)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2023:3771 advisory.\n\n - Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using ** as a pattern in Spring\n Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring\n Security and Spring MVC, and the potential for a security bypass. (CVE-2023-20860)\n\n - In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older\n unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may\n cause a denial-of-service (DoS) condition. (CVE-2023-20861)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-20860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-20861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2023:3771\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ovirt-dependencies package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-20860\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(155, 770);\n script_set_attribute(attribute:\"vendor_severity\", value:\"Important\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ovirt-dependencies\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/debug',\n 'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/os',\n 'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ovirt-dependencies-4.5.3-1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rhevm-4'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ovirt-dependencies');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:51", "description": "The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3169 advisory.\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.\n This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.\n (CVE-2022-41704)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. (CVE-2022-42890)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-31T00:00:00", "type": "nessus", "title": "Debian DLA-3169-1 : batik - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41704", "CVE-2022-42890"], "modified": "2022-11-28T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libbatik-java", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DLA-3169.NASL", "href": "https://www.tenable.com/plugins/nessus/166735", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3169. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166735);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/28\");\n\n script_cve_id(\"CVE-2022-41704\", \"CVE-2022-42890\");\n\n script_name(english:\"Debian DLA-3169-1 : batik - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the\ndla-3169 advisory.\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.\n This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.\n (CVE-2022-41704)\n\n - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via\n JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to\n version 1.16. (CVE-2022-42890)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/batik\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-3169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-41704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-42890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/batik\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the batik packages.\n\nFor Debian 10 buster, these problems have been fixed in version 1.10-2+deb10u2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42890\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbatik-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'libbatik-java', 'reference': '1.10-2+deb10u2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libbatik-java');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-17T11:07:02", "description": "The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3619 advisory.\n\n - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. (CVE-2022-44729)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. (CVE-2022-44730)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-10-14T00:00:00", "type": "nessus", "title": "Debian DLA-3619-1 : batik - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11987", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-44729", "CVE-2022-44730"], "modified": "2023-10-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libbatik-java", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DLA-3619.NASL", "href": "https://www.tenable.com/plugins/nessus/183091", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3619. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(183091);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/15\");\n\n script_cve_id(\n \"CVE-2020-11987\",\n \"CVE-2022-38398\",\n \"CVE-2022-38648\",\n \"CVE-2022-40146\",\n \"CVE-2022-44729\",\n \"CVE-2022-44730\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Debian DLA-3619-1 : batik - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the\ndla-3619 advisory.\n\n - Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the\n NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to\n cause the underlying server to make arbitrary GET requests. (CVE-2020-11987)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38398)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n fetch external resources. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-38648)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to\n access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. (CVE-2022-40146)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics\n Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger\n loading external resources by default, causing resource consumption or in some cases even information\n disclosure. Users are recommended to upgrade to version 1.17 or later. (CVE-2022-44729)\n\n - Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics\n Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data\n and send it directly as parameter to a URL. (CVE-2022-44730)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/batik\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2023/dla-3619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-11987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-38398\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-38648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-40146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-44729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-44730\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/batik\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the batik packages.\n\nFor Debian 10 buster, these problems have been fixed in version 1.10-2+deb10u3.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11987\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbatik-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'libbatik-java', 'reference': '1.10-2+deb10u3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libbatik-java');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-01T17:15:14", "description": "The version of Oracle Identity Manager installed on the remote host is missing a security patch and is, therefore affected by multiple vulnerabilities as referenced in the July 2023 Critical Patch Update(CPU) advisory.\n\n - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Third Party (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager accessible data. (CVE-2023-20860)\n\n - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Installer (Apache Commons FileUpload)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager. (CVE-2023-24998)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-07-21T00:00:00", "type": "nessus", "title": "Oracle Identity Manager (Jul 2023 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-20860", "CVE-2023-20861", "CVE-2023-24998"], "modified": "2023-10-24T00:00:00", "cpe": ["cpe:/a:oracle:identity_manager"], "id": "ORACLE_IDENTITY_MANAGEMENT_CPU_JUL_2023.NASL", "href": "https://www.tenable.com/plugins/nessus/178709", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(178709);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/24\");\n\n script_cve_id(\"CVE-2023-20860\", \"CVE-2023-20861\", \"CVE-2023-24998\");\n script_xref(name:\"IAVA\", value:\"2023-A-0365-S\");\n script_xref(name:\"IAVA\", value:\"2023-A-0559\");\n\n script_name(english:\"Oracle Identity Manager (Jul 2023 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application on the remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Identity Manager installed on the remote host is missing a security patch and is,\ntherefore affected by multiple vulnerabilities as referenced in the July 2023 Critical Patch Update(CPU) advisory.\n\n - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Third Party \n (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Easily exploitable \n vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity \n Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or \n modification access to critical data or all Oracle Identity Manager accessible data. (CVE-2023-20860)\n\n - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Installer \n (Apache Commons FileUpload)). The supported version that is affected is 12.2.1.4.0. Easily exploitable \n vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity \n Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or \n frequently repeatable crash (complete DOS) of Oracle Identity Manager. (CVE-2023-24998)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuJul2023cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuJul2023.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2023 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-20860\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:identity_manager\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_identity_management_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Identity Manager\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::get_app_info(app:'Oracle Identity Manager');\n\nvar constraints = [\n { 'min_version' : '12.2.1.4.0', 'fixed_version' : '12.2.1.4.230708' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T13:07:19", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1513 advisory.\n\n - SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n - snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n - hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n - dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n - codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n - undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n - apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)\n\n - RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\n - Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-30T00:00:00", "type": "nessus", "title": "RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 8 (RHSA-2023:1513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1471", "CVE-2022-38752", "CVE-2022-41853", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-4492", "CVE-2022-45787", "CVE-2023-0482", "CVE-2023-1108"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-native", "p-cpe:/a:redhat:enterprise_linux:eap7-apache-mime4j", "p-cpe:/a:redhat:enterprise_linux:eap7-artemis-native", "p-cpe:/a:redhat:enterprise_linux:eap7-artemis-native-wildfly", "p-cpe:/a:redhat:enterprise_linux:eap7-artemis-wildfly-integration", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-jdbc", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-remote", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-client-hotrod", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-commons", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-component-annotations", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-core", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-commons", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-spi", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-v53", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator", "p-cpe:/a:redhat:enterprise_linux:eap7-netty", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-all", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-buffer", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxb-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxrs", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jettison-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jose-jwt", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jsapi", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-binding-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-p-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-multipart-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-rxjava2", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-spring", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-validator-provider-11", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-yaml-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-snakeyaml", "p-cpe:/a:redhat:enterprise_linux:eap7-undertow", "p-cpe:/a:redhat:enterprise_linux:eap7-undertow-jastow", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-dns", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-haproxy", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http2", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-memcache", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-mqtt", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-redis", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-smtp", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-socks", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-stomp", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-xml", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-common", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-handler", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-handler-proxy", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver-dns", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver-dns-classes-macos", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-classes-epoll", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-classes-kqueue", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-native-epoll", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-native-unix-common", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-rxtx", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-sctp", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-udt", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-api", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-common", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-config", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client-common", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-ejb-client", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-naming-client", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-transaction-client", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk11", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk17", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk8", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-federation", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-api", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-simple-schema", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-atom-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-cdi", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-client", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-crypto", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson2-provider"], "id": "REDHAT-RHSA-2023-1513.NASL", "href": "https://www.tenable.com/plugins/nessus/173692", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2023:1513. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173692);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2022-1471\",\n \"CVE-2022-4492\",\n \"CVE-2022-38752\",\n \"CVE-2022-41853\",\n \"CVE-2022-41854\",\n \"CVE-2022-41881\",\n \"CVE-2022-45787\",\n \"CVE-2023-0482\",\n \"CVE-2023-1108\"\n );\n script_xref(name:\"RHSA\", value:\"2023:1513\");\n\n script_name(english:\"RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 8 (RHSA-2023:1513)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2023:1513 advisory.\n\n - SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n - snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n - hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n - dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n - codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n - undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n - apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider\n (CVE-2022-45787)\n\n - RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\n - Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1471\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-4492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-38752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-45787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-0482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-1108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2023:1513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2129710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2136141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2150009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2151988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2153260\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2153379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2158916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2166004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2174246\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41853\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 200, 378, 470, 502, 550, 674, 787, 835, 1066);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-apache-mime4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-artemis-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-artemis-native-wildfly\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-artemis-wildfly-integration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-client-hotrod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-component-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-v53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-buffer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-memcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-mqtt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-redis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-smtp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-socks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-stomp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-handler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-handler-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver-dns-classes-macos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-classes-epoll\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-classes-kqueue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-native-epoll\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-native-unix-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-rxtx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-sctp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-udt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-simple-schema\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-atom-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-cdi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson2-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxb-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jettison-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jose-jwt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jsapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-binding-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-p-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-multipart-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-rxjava2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-spring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-validator-provider-11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-yaml-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-snakeyaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-undertow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-undertow-jastow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-ejb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-naming-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-transaction-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk17\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/jbeap/7.4/debug',\n 'content/dist/layered/rhel8/x86_64/jbeap/7.4/os',\n 'content/dist/layered/rhel8/x86_64/jbeap/7.4/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'eap7-activemq-artemis-native-1.0.2-3.redhat_00004.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'eap7-jboss'},\n {'reference':'eap7-apache-mime4j-0.8.9-1.redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-artemis-native-1.0.2-4.redhat_00004.1.el8eap', 'cpu':'x86_64', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'eap7-jboss'},\n {'reference':'eap7-artemis-native-wildfly-1.0.2-4.redhat_00004.1.el8eap', 'cpu':'x86_64', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'eap7-jboss'},\n {'reference':'eap7-artemis-wildfly-integration-1.0.7-1.redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-11.0.17-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-cachestore-jdbc-11.0.17-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-cachestore-remote-11.0.17-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-client-hotrod-11.0.17-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-commons-11.0.17-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-component-annotations-11.0.17-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-core-11.0.17-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-hibernate-cache-commons-11.0.17-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-hibernate-cache-spi-11.0.17-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-hibernate-cache-v53-11.0.17-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-1.5.11-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-common-api-1.5.11-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-common-impl-1.5.11-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-common-spi-1.5.11-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-core-api-1.5.11-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-core-impl-1.5.11-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-deployers-common-1.5.11-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-jdbc-1.5.11-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-validator-1.5.11-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-ejb-client-4.0.50-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-el-api_3.0_spec-2.0.1-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-13.4.0-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-appclient-13.4.0-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-common-13.4.0-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-ear-13.4.0-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-ejb-13.4.0-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-web-13.4.0-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-server-migration-1.10.0-26.Final_redhat_00025.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-server-migration-cli-1.10.0-26.Final_redhat_00025.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-server-migration-core-1.10.0-26.Final_redhat_00025.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jbossws-cxf-5.4.8-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jbossws-spi-3.4.0-2.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-all-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-buffer-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-dns-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-haproxy-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-http-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-http2-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-memcache-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-mqtt-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-redis-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-smtp-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-socks-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-stomp-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-xml-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-common-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-handler-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-handler-proxy-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-resolver-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-resolver-dns-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-resolver-dns-classes-macos-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-classes-epoll-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-classes-kqueue-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-native-epoll-4.1.86-1.Final_redhat_00001.1.el8eap', 'cpu':'x86_64', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-native-unix-common-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-rxtx-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-sctp-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-udt-4.1.86-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-api-2.5.5-22.SP12_redhat_00012.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-common-2.5.5-22.SP12_redhat_00012.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-config-2.5.5-22.SP12_redhat_00012.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-federation-2.5.5-22.SP12_redhat_00012.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-idm-api-2.5.5-22.SP12_redhat_00012.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-idm-impl-2.5.5-22.SP12_redhat_00012.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-idm-simple-schema-2.5.5-22.SP12_redhat_00012.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-impl-2.5.5-22.SP12_redhat_00012.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-atom-provider-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-cdi-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-client-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-crypto-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jackson-provider-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jackson2-provider-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jaxb-provider-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jaxrs-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jettison-provider-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jose-jwt-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jsapi-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-json-binding-provider-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-json-p-provider-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-multipart-provider-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-rxjava2-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-spring-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-validator-provider-11-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-yaml-provider-3.15.5-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-snakeyaml-1.33.0-2.SP1_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-undertow-2.2.23-1.SP2_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-undertow-jastow-2.0.14-1.Final_redhat_00001.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-7.4.10-6.GA_redhat_00002.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-http-client-common-1.1.16-1.Final_redhat_00002.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-http-ejb-client-1.1.16-1.Final_redhat_00002.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-http-naming-client-1.1.16-1.Final_redhat_00002.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-http-transaction-client-1.1.16-1.Final_redhat_00002.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-java-jdk11-7.4.10-6.GA_redhat_00002.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-java-jdk17-7.4.10-6.GA_redhat_00002.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-java-jdk8-7.4.10-6.GA_redhat_00002.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-javadocs-7.4.10-6.GA_redhat_00002.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-modules-7.4.10-6.GA_redhat_00002.1.el8eap', 'release':'8', 'el_string':'el8eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'eap7-activemq-artemis-native / eap7-apache-mime4j / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:10:06", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1514 advisory.\n\n - SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n - snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n - hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n - dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n - codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n - undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n - apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)\n\n - RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\n - Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-30T00:00:00", "type": "nessus", "title": "RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 9 (RHSA-2023:1514)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1471", "CVE-2022-38752", "CVE-2022-41853", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-4492", "CVE-2022-45787", "CVE-2023-0482", "CVE-2023-1108"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-native", "p-cpe:/a:redhat:enterprise_linux:eap7-apache-mime4j", "p-cpe:/a:redhat:enterprise_linux:eap7-artemis-native", "p-cpe:/a:redhat:enterprise_linux:eap7-artemis-native-wildfly", "p-cpe:/a:redhat:enterprise_linux:eap7-artemis-wildfly-integration", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-jdbc", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-remote", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-client-hotrod", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-commons", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-component-annotations", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-core", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-commons", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-spi", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-classes-epoll", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-classes-kqueue", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-native-epoll", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-native-unix-common", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-rxtx", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-sctp", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-udt", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-api", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-v53", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator", "p-cpe:/a:redhat:enterprise_linux:eap7-netty", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-buffer", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-dns", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-haproxy", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http2", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-memcache", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-mqtt", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-redis", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-smtp", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-common", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-config", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-federation", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-api", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-simple-schema", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-atom-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-cdi", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-client", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-crypto", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson2-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxb-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxrs", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jettison-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jose-jwt", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jsapi", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-binding-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-p-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-multipart-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-rxjava2", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-spring", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-validator-provider-11", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-yaml-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-snakeyaml", "p-cpe:/a:redhat:enterprise_linux:eap7-undertow", "p-cpe:/a:redhat:enterprise_linux:eap7-undertow-jastow", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client-common", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-ejb-client", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-naming-client", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-transaction-client", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk11", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk17", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk8", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-socks", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-stomp", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-xml", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-common", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-handler", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-handler-proxy", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver-dns", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver-dns-classes-macos", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport"], "id": "REDHAT-RHSA-2023-1514.NASL", "href": "https://www.tenable.com/plugins/nessus/173691", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2023:1514. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173691);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2022-1471\",\n \"CVE-2022-4492\",\n \"CVE-2022-38752\",\n \"CVE-2022-41853\",\n \"CVE-2022-41854\",\n \"CVE-2022-41881\",\n \"CVE-2022-45787\",\n \"CVE-2023-0482\",\n \"CVE-2023-1108\"\n );\n script_xref(name:\"RHSA\", value:\"2023:1514\");\n\n script_name(english:\"RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 9 (RHSA-2023:1514)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2023:1514 advisory.\n\n - SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n - snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n - hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n - dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n - codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n - undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n - apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider\n (CVE-2022-45787)\n\n - RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\n - Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1471\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-4492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-38752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-45787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-0482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-1108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2023:1514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2129710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2136141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2150009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2151988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2153260\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2153379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2158916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2166004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2174246\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41853\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 200, 378, 470, 502, 550, 674, 787, 835, 1066);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-apache-mime4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-artemis-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-artemis-native-wildfly\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-artemis-wildfly-integration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-client-hotrod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-component-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-v53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-buffer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-memcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-mqtt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-redis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-smtp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-socks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-stomp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-handler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-handler-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver-dns-classes-macos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-classes-epoll\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-classes-kqueue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-native-epoll\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-native-unix-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-rxtx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-sctp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-udt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-simple-schema\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-atom-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-cdi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson2-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxb-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jettison-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jose-jwt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jsapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-binding-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-p-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-multipart-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-rxjava2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-spring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-validator-provider-11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-yaml-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-snakeyaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-undertow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-undertow-jastow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-ejb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-naming-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-transaction-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk17\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel9/x86_64/jbeap/7.4/debug',\n 'content/dist/layered/rhel9/x86_64/jbeap/7.4/os',\n 'content/dist/layered/rhel9/x86_64/jbeap/7.4/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'eap7-activemq-artemis-native-1.0.2-3.redhat_00004.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'eap7-jboss'},\n {'reference':'eap7-apache-mime4j-0.8.9-1.redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-artemis-native-1.0.2-4.redhat_00004.1.el9eap', 'cpu':'x86_64', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'eap7-jboss'},\n {'reference':'eap7-artemis-native-wildfly-1.0.2-4.redhat_00004.1.el9eap', 'cpu':'x86_64', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'eap7-jboss'},\n {'reference':'eap7-artemis-wildfly-integration-1.0.7-1.redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-11.0.17-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-cachestore-jdbc-11.0.17-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-cachestore-remote-11.0.17-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-client-hotrod-11.0.17-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-commons-11.0.17-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-component-annotations-11.0.17-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-core-11.0.17-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-hibernate-cache-commons-11.0.17-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-hibernate-cache-spi-11.0.17-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-hibernate-cache-v53-11.0.17-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-1.5.11-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-common-api-1.5.11-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-common-impl-1.5.11-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-common-spi-1.5.11-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-core-api-1.5.11-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-core-impl-1.5.11-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-deployers-common-1.5.11-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-jdbc-1.5.11-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-validator-1.5.11-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-ejb-client-4.0.50-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-el-api_3.0_spec-2.0.1-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-13.4.0-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-appclient-13.4.0-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-common-13.4.0-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-ear-13.4.0-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-ejb-13.4.0-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-web-13.4.0-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-server-migration-1.10.0-26.Final_redhat_00025.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-server-migration-cli-1.10.0-26.Final_redhat_00025.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-server-migration-core-1.10.0-26.Final_redhat_00025.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jbossws-cxf-5.4.8-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jbossws-spi-3.4.0-2.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-buffer-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-dns-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-haproxy-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-http-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-http2-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-memcache-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-mqtt-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-redis-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-smtp-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-socks-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-stomp-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-xml-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-common-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-handler-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-handler-proxy-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-resolver-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-resolver-dns-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-resolver-dns-classes-macos-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-classes-epoll-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-classes-kqueue-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-native-epoll-4.1.86-1.Final_redhat_00001.1.el9eap', 'cpu':'x86_64', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-native-unix-common-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-rxtx-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-sctp-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-udt-4.1.86-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-api-2.5.5-22.SP12_redhat_00012.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-common-2.5.5-22.SP12_redhat_00012.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-config-2.5.5-22.SP12_redhat_00012.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-federation-2.5.5-22.SP12_redhat_00012.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-idm-api-2.5.5-22.SP12_redhat_00012.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-idm-impl-2.5.5-22.SP12_redhat_00012.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-idm-simple-schema-2.5.5-22.SP12_redhat_00012.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-impl-2.5.5-22.SP12_redhat_00012.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-atom-provider-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-cdi-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-client-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-crypto-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jackson-provider-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jackson2-provider-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jaxb-provider-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jaxrs-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jettison-provider-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jose-jwt-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jsapi-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-json-binding-provider-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-json-p-provider-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-multipart-provider-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-rxjava2-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-spring-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-validator-provider-11-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-yaml-provider-3.15.5-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-snakeyaml-1.33.0-2.SP1_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-undertow-2.2.23-1.SP2_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-undertow-jastow-2.0.14-1.Final_redhat_00001.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-7.4.10-6.GA_redhat_00002.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-http-client-common-1.1.16-1.Final_redhat_00002.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-http-ejb-client-1.1.16-1.Final_redhat_00002.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-http-naming-client-1.1.16-1.Final_redhat_00002.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-http-transaction-client-1.1.16-1.Final_redhat_00002.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-java-jdk11-7.4.10-6.GA_redhat_00002.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-java-jdk17-7.4.10-6.GA_redhat_00002.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-java-jdk8-7.4.10-6.GA_redhat_00002.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-javadocs-7.4.10-6.GA_redhat_00002.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-modules-7.4.10-6.GA_redhat_00002.1.el9eap', 'release':'9', 'el_string':'el9eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'eap7-activemq-artemis-native / eap7-apache-mime4j / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T13:06:50", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1512 advisory.\n\n - SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n - snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n - hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n - dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n - codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n - undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n - apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)\n\n - RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\n - Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-30T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 7 (RHSA-2023:1512)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1471", "CVE-2022-38752", "CVE-2022-41853", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-4492", "CVE-2022-45787", "CVE-2023-0482", "CVE-2023-1108"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-native", "p-cpe:/a:redhat:enterprise_linux:eap7-apache-mime4j", "p-cpe:/a:redhat:enterprise_linux:eap7-artemis-native", "p-cpe:/a:redhat:enterprise_linux:eap7-artemis-native-wildfly", "p-cpe:/a:redhat:enterprise_linux:eap7-artemis-wildfly-integration", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-jdbc", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-remote", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-client-hotrod", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-commons", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-component-annotations", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-core", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-commons", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-spi", "p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-v53", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc", "p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator", "p-cpe:/a:redhat:enterprise_linux:eap7-netty", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-all", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-buffer", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-dns", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-haproxy", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http2", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-memcache", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-mqtt", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-redis", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-smtp", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-socks", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-stomp", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-xml", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-common", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-handler", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-handler-proxy", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver-dns", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver-dns-classes-macos", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-classes-epoll", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-classes-kqueue", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-native-epoll", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-native-unix-common", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-rxtx", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-sctp", "p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-udt", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-api", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-common", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-config", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-federation", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-api", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-simple-schema", "p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-impl", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-atom-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-cdi", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-client", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-crypto", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson2-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxb-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxrs", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jettison-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jose-jwt", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jsapi", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-binding-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-p-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-multipart-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-rxjava2", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-spring", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-validator-provider-11", "p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-yaml-provider", "p-cpe:/a:redhat:enterprise_linux:eap7-snakeyaml", "p-cpe:/a:redhat:enterprise_linux:eap7-undertow", "p-cpe:/a:redhat:enterprise_linux:eap7-undertow-jastow", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client-common", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-ejb-client", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-naming-client", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-transaction-client", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk11", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk8", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs", "p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules"], "id": "REDHAT-RHSA-2023-1512.NASL", "href": "https://www.tenable.com/plugins/nessus/173690", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2023:1512. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173690);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2022-1471\",\n \"CVE-2022-4492\",\n \"CVE-2022-38752\",\n \"CVE-2022-41853\",\n \"CVE-2022-41854\",\n \"CVE-2022-41881\",\n \"CVE-2022-45787\",\n \"CVE-2023-0482\",\n \"CVE-2023-1108\"\n );\n script_xref(name:\"RHSA\", value:\"2023:1512\");\n\n script_name(english:\"RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 7 (RHSA-2023:1512)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2023:1512 advisory.\n\n - SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n - snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n - hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n - dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n - codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n - undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n - apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider\n (CVE-2022-45787)\n\n - RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\n - Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1471\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-4492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-38752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-45787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-0482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-1108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2023:1512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2129710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2136141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2150009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2151988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2153260\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2153379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2158916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2166004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2174246\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41853\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 200, 378, 470, 502, 550, 674, 787, 835, 1066);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-activemq-artemis-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-apache-mime4j\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-artemis-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-artemis-native-wildfly\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-artemis-wildfly-integration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-cachestore-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-client-hotrod\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-component-annotations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-commons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-infinispan-hibernate-cache-v53\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-common-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-core-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-deployers-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-ironjacamar-validator\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-buffer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-haproxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-memcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-mqtt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-redis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-smtp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-socks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-stomp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-handler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-handler-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver-dns-classes-macos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-classes-epoll\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-classes-kqueue\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-native-epoll\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-native-unix-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-rxtx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-sctp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-udt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-federation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-idm-simple-schema\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-picketlink-impl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-atom-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-cdi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jackson2-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxb-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jaxrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jettison-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jose-jwt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-jsapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-binding-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-json-p-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-multipart-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-rxjava2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-spring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-validator-provider-11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-resteasy-yaml-provider\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-snakeyaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-undertow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-undertow-jastow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-client-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-ejb-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-naming-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-http-transaction-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-java-jdk8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-javadocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:eap7-wildfly-modules\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/jbeap/7.4/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/jbeap/7.4/os',\n 'content/dist/rhel/server/7/7Server/x86_64/jbeap/7.4/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'eap7-activemq-artemis-native-1.0.2-3.redhat_00004.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'eap7-jboss'},\n {'reference':'eap7-apache-mime4j-0.8.9-1.redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-artemis-native-1.0.2-4.redhat_00004.1.el7eap', 'cpu':'x86_64', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'eap7-jboss'},\n {'reference':'eap7-artemis-native-wildfly-1.0.2-4.redhat_00004.1.el7eap', 'cpu':'x86_64', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'eap7-jboss'},\n {'reference':'eap7-artemis-wildfly-integration-1.0.7-1.redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-11.0.17-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-cachestore-jdbc-11.0.17-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-cachestore-remote-11.0.17-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-client-hotrod-11.0.17-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-commons-11.0.17-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-component-annotations-11.0.17-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-core-11.0.17-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-hibernate-cache-commons-11.0.17-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-hibernate-cache-spi-11.0.17-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-infinispan-hibernate-cache-v53-11.0.17-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-1.5.11-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-common-api-1.5.11-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-common-impl-1.5.11-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-common-spi-1.5.11-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-core-api-1.5.11-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-core-impl-1.5.11-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-deployers-common-1.5.11-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-jdbc-1.5.11-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-ironjacamar-validator-1.5.11-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-ejb-client-4.0.50-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-el-api_3.0_spec-2.0.1-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-13.4.0-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-appclient-13.4.0-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-common-13.4.0-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-ear-13.4.0-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-ejb-13.4.0-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-metadata-web-13.4.0-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-server-migration-1.10.0-26.Final_redhat_00025.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-server-migration-cli-1.10.0-26.Final_redhat_00025.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jboss-server-migration-core-1.10.0-26.Final_redhat_00025.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jbossws-cxf-5.4.8-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-jbossws-spi-3.4.0-2.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-all-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-buffer-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-dns-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-haproxy-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-http-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-http2-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-memcache-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-mqtt-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-redis-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-smtp-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-socks-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-stomp-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-codec-xml-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-common-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-handler-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-handler-proxy-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-resolver-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-resolver-dns-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-resolver-dns-classes-macos-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-classes-epoll-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-classes-kqueue-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-native-epoll-4.1.86-1.Final_redhat_00001.1.el7eap', 'cpu':'x86_64', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-native-unix-common-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-rxtx-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-sctp-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-netty-transport-udt-4.1.86-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-api-2.5.5-22.SP12_redhat_00012.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-common-2.5.5-22.SP12_redhat_00012.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-config-2.5.5-22.SP12_redhat_00012.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-federation-2.5.5-22.SP12_redhat_00012.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-idm-api-2.5.5-22.SP12_redhat_00012.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-idm-impl-2.5.5-22.SP12_redhat_00012.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-idm-simple-schema-2.5.5-22.SP12_redhat_00012.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-picketlink-impl-2.5.5-22.SP12_redhat_00012.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-atom-provider-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-cdi-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-client-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-crypto-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jackson-provider-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jackson2-provider-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jaxb-provider-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jaxrs-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jettison-provider-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jose-jwt-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-jsapi-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-json-binding-provider-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-json-p-provider-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-multipart-provider-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-rxjava2-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-spring-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-validator-provider-11-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-resteasy-yaml-provider-3.15.5-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-snakeyaml-1.33.0-2.SP1_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-undertow-2.2.23-1.SP2_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-undertow-jastow-2.0.14-1.Final_redhat_00001.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-7.4.10-6.GA_redhat_00002.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-http-client-common-1.1.16-1.Final_redhat_00002.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-http-ejb-client-1.1.16-1.Final_redhat_00002.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-http-naming-client-1.1.16-1.Final_redhat_00002.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-http-transaction-client-1.1.16-1.Final_redhat_00002.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-java-jdk11-7.4.10-6.GA_redhat_00002.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-java-jdk8-7.4.10-6.GA_redhat_00002.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-javadocs-7.4.10-6.GA_redhat_00002.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'},\n {'reference':'eap7-wildfly-modules-7.4.10-6.GA_redhat_00002.1.el7eap', 'release':'7', 'el_string':'el7eap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7-jboss'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'eap7-activemq-artemis-native / eap7-apache-mime4j / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T18:45:51", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2706 advisory.\n\n - In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069 (CVE-2021-0341)\n\n - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. (CVE-2022-38752)\n\n - Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).\n If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. (CVE-2022-41854)\n\n - Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. (CVE-2022-41881)\n\n - The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol. (CVE-2022-4492)\n\n - Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. (CVE-2022-45787)\n\n - In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. (CVE-2023-0482)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-13T00:00:00", "type": "nessus", "title": "RHEL 8 : Red Hat Single Sign-On 7.6.3 security update on RHEL 8 (Moderate) (RHSA-2023:2706)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-0341", "CVE-2022-38752", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-4492", "CVE-2022-45787", "CVE-2023-0482"], "modified": "2023-05-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak", "p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server"], "id": "REDHAT-RHSA-2023-2706.NASL", "href": "https://www.tenable.com/plugins/nessus/175557", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2023:2706. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175557);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/13\");\n\n script_cve_id(\n \"CVE-2021-0341\",\n \"CVE-2022-4492\",\n \"CVE-2022-38752\",\n \"CVE-2022-41854\",\n \"CVE-2022-41881\",\n \"CVE-2022-45787\",\n \"CVE-2023-0482\"\n );\n script_xref(name:\"RHSA\", value:\"2023:2706\");\n\n script_name(english:\"RHEL 8 : Red Hat Single Sign-On 7.6.3 security update on RHEL 8 (Moderate) (RHSA-2023:2706)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2023:2706 advisory.\n\n - In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the\n wrong domain due to improperly used crypto. This could lead to remote information disclosure with no\n additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069 (CVE-2021-0341)\n\n - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the\n parser is running on user supplied input, an attacker may supply content that causes the parser to crash\n by stack-overflow. (CVE-2022-38752)\n\n - Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).\n If the parser is running on user supplied input, an attacker may supply content that causes the parser to\n crash by stack overflow. This effect may support a denial of service attack. (CVE-2022-41854)\n\n - Netty project is an event-driven asynchronous network application framework. In versions prior to\n 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an\n infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a\n custom HaProxyMessageDecoder. (CVE-2022-41881)\n\n - The undertow client is not checking the server identity presented by the server certificate in https\n connections. This is a compulsory step (at least it should be performed by default) in https and in\n http/2. I would add it to any TLS client protocol. (CVE-2022-4492)\n\n - Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to\n information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and\n prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. (CVE-2022-45787)\n\n - In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and\n Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local\n user. (CVE-2023-0482)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-0341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-4492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-38752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-45787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-0482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2023:2706\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rh-sso7-keycloak and / or rh-sso7-keycloak-server packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-0341\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-4492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(200, 295, 378, 550, 674, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.3/debug',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.3/os',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.3/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.4/debug',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.4/os',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.4/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.5/debug',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.5/os',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.5/source/SRPMS',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.6/debug',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.6/os',\n 'content/dist/layered/rhel8/x86_64/rh-sso/7.6/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-sso7-keycloak-18.0.7-1.redhat_00001.1.el8sso', 'release':'8', 'el_string':'el8sso', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-sso'},\n {'reference':'rh-sso7-keycloak-server-18.0.7-1.redhat_00001.1.el8sso', 'release':'8', 'el_string':'el8sso', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-sso'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-sso7-keycloak / rh-sso7-keycloak-server');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T18:46:25", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2707 advisory.\n\n - In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069 (CVE-2021-0341)\n\n - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. (CVE-2022-38752)\n\n - Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).\n If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. (CVE-2022-41854)\n\n - Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. (CVE-2022-41881)\n\n - The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol. (CVE-2022-4492)\n\n - Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. (CVE-2022-45787)\n\n - In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. (CVE-2023-0482)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-13T00:00:00", "type": "nessus", "title": "RHEL 9 : Red Hat Single Sign-On 7.6.3 security update on RHEL 9 (Moderate) (RHSA-2023:2707)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-0341", "CVE-2022-38752", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-4492", "CVE-2022-45787", "CVE-2023-0482"], "modified": "2023-05-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak", "p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server"], "id": "REDHAT-RHSA-2023-2707.NASL", "href": "https://www.tenable.com/plugins/nessus/175556", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2023:2707. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175556);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/13\");\n\n script_cve_id(\n \"CVE-2021-0341\",\n \"CVE-2022-4492\",\n \"CVE-2022-38752\",\n \"CVE-2022-41854\",\n \"CVE-2022-41881\",\n \"CVE-2022-45787\",\n \"CVE-2023-0482\"\n );\n script_xref(name:\"RHSA\", value:\"2023:2707\");\n\n script_name(english:\"RHEL 9 : Red Hat Single Sign-On 7.6.3 security update on RHEL 9 (Moderate) (RHSA-2023:2707)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2023:2707 advisory.\n\n - In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the\n wrong domain due to improperly used crypto. This could lead to remote information disclosure with no\n additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069 (CVE-2021-0341)\n\n - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the\n parser is running on user supplied input, an attacker may supply content that causes the parser to crash\n by stack-overflow. (CVE-2022-38752)\n\n - Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).\n If the parser is running on user supplied input, an attacker may supply content that causes the parser to\n crash by stack overflow. This effect may support a denial of service attack. (CVE-2022-41854)\n\n - Netty project is an event-driven asynchronous network application framework. In versions prior to\n 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an\n infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a\n custom HaProxyMessageDecoder. (CVE-2022-41881)\n\n - The undertow client is not checking the server identity presented by the server certificate in https\n connections. This is a compulsory step (at least it should be performed by default) in https and in\n http/2. I would add it to any TLS client protocol. (CVE-2022-4492)\n\n - Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to\n information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and\n prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. (CVE-2022-45787)\n\n - In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and\n Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local\n user. (CVE-2023-0482)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-0341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-4492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-38752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-45787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-0482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2023:2707\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rh-sso7-keycloak and / or rh-sso7-keycloak-server packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-0341\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-4492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(200, 295, 378, 550, 674, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/layered/rhel9/x86_64/rh-sso/7.6/debug',\n 'content/dist/layered/rhel9/x86_64/rh-sso/7.6/os',\n 'content/dist/layered/rhel9/x86_64/rh-sso/7.6/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-sso7-keycloak-18.0.7-1.redhat_00001.1.el9sso', 'release':'9', 'el_string':'el9sso', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-sso'},\n {'reference':'rh-sso7-keycloak-server-18.0.7-1.redhat_00001.1.el9sso', 'release':'9', 'el_string':'el9sso', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-sso'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-sso7-keycloak / rh-sso7-keycloak-server');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-24T19:34:02", "description": "The 5.9.0.0 and 6.4.0.0 versions of Oracle Business Intelligence Enterprise Edition installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory.\n\n - Vulnerability in the BI Publisher product of Oracle Analytics (component: Security (Apache CXF)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in takeover of BI Publisher. (CVE-2022-46364)\n\n - Vulnerability in the BI Publisher product of Oracle Analytics (component: Development Operations (Snowflake JDBC)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of BI Publisher. (CVE-2023-30535)\n\n - Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server (Spring Framework)).\n Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of BI Publisher. (CVE-2023-20861)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-07-21T00:00:00", "type": "nessus", "title": "Oracle Business Intelligence Publisher (OBIEE) (July 2023 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24891", "CVE-2022-46364", "CVE-2023-20861", "CVE-2023-30535"], "modified": "2023-07-24T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:business_intelligence_publisher"], "id": "ORACLE_BI_PUBLISHER_CPU_JUL_2023.NASL", "href": "https://www.tenable.com/plugins/nessus/178712", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(178712);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/24\");\n\n script_cve_id(\n \"CVE-2023-20861\",\n \"CVE-2022-24891\",\n \"CVE-2023-30535\",\n \"CVE-2022-46364\"\n );\n\n script_name(english:\"Oracle Business Intelligence Publisher (OBIEE) (July 2023 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The 5.9.0.0 and 6.4.0.0 versions of Oracle Business Intelligence Enterprise Edition installed on the remote host are\naffected by multiple vulnerabilities as referenced in the July 2023 CPU advisory.\n\n - Vulnerability in the BI Publisher product of Oracle Analytics (component: Security (Apache CXF)). The\n supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker\n with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in\n takeover of BI Publisher. (CVE-2022-46364)\n\n - Vulnerability in the BI Publisher product of Oracle Analytics (component: Development Operations (Snowflake\n JDBC)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows\n unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human\n interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover\n of BI Publisher. (CVE-2023-30535)\n\n - Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server (Spring Framework)).\n Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low\n privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of BI\n Publisher. (CVE-2023-20861)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujul2023.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpujul2023cvrf.xml\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2023 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24891\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-46364\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:business_intelligence_publisher\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_bi_publisher_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Business Intelligence Publisher\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::get_app_info(app:'Oracle Business Intelligence Publisher');\n\n# based on Oracle CPU data\nvar constraints = [\n {'min_version': '12.2.1.4', 'fixed_version': '12.2.1.4.230628', 'patch': '35548198', 'bundle': '35601492'}\n];\n\nvcf::oracle_bi_publisher::check_version_and_report(app_info: app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T18:45:51", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2705 advisory.\n\n - In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069 (CVE-2021-0341)\n\n - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. (CVE-2022-38752)\n\n - Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).\n If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. (CVE-2022-41854)\n\n - Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. (CVE-2022-41881)\n\n - The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol. (CVE-2022-4492)\n\n - Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. (CVE-2022-45787)\n\n - In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. (CVE-2023-0482)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-13T00:00:00", "type": "nessus", "title": "RHEL 7 : Red Hat Single Sign-On 7.6.3 security update on RHEL 7 (Moderate) (RHSA-2023:2705)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-0341", "CVE-2022-38752", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-4492", "CVE-2022-45787", "CVE-2023-0482"], "modified": "2023-05-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak", "p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server"], "id": "REDHAT-RHSA-2023-2705.NASL", "href": "https://www.tenable.com/plugins/nessus/175558", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2023:2705. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(175558);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/13\");\n\n script_cve_id(\n \"CVE-2021-0341\",\n \"CVE-2022-4492\",\n \"CVE-2022-38752\",\n \"CVE-2022-41854\",\n \"CVE-2022-41881\",\n \"CVE-2022-45787\",\n \"CVE-2023-0482\"\n );\n script_xref(name:\"RHSA\", value:\"2023:2705\");\n\n script_name(english:\"RHEL 7 : Red Hat Single Sign-On 7.6.3 security update on RHEL 7 (Moderate) (RHSA-2023:2705)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2023:2705 advisory.\n\n - In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the\n wrong domain due to improperly used crypto. This could lead to remote information disclosure with no\n additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069 (CVE-2021-0341)\n\n - Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the\n parser is running on user supplied input, an attacker may supply content that causes the parser to crash\n by stack-overflow. (CVE-2022-38752)\n\n - Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS).\n If the parser is running on user supplied input, an attacker may supply content that causes the parser to\n crash by stack overflow. This effect may support a denial of service attack. (CVE-2022-41854)\n\n - Netty project is an event-driven asynchronous network application framework. In versions prior to\n 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an\n infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a\n custom HaProxyMessageDecoder. (CVE-2022-41881)\n\n - The undertow client is not checking the server identity presented by the server certificate in https\n connections. This is a compulsory step (at least it should be performed by default) in https and in\n http/2. I would add it to any TLS client protocol. (CVE-2022-4492)\n\n - Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to\n information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and\n prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. (CVE-2022-45787)\n\n - In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and\n Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local\n user. (CVE-2023-0482)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-0341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-4492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-38752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-45787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-0482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2023:2705\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rh-sso7-keycloak and / or rh-sso7-keycloak-server packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-0341\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-4492\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(200, 295, 378, 550, 674, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.2/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.2/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.2/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.3/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.3/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.3/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.4/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.4/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.4/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.5/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.5/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.5/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.6/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.6/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rh-sso/7.6/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-sso7-keycloak-18.0.7-1.redhat_00001.1.el7sso', 'release':'7', 'el_string':'el7sso', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-sso'},\n {'reference':'rh-sso7-keycloak-server-18.0.7-1.redhat_00001.1.el7sso', 'release':'7', 'el_string':'el7sso', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-sso'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-sso7-keycloak / rh-sso7-keycloak-server');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-17T11:09:42", "description": "Apache Shiro before 1.11.0, when using Apache Shiro with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-25T00:00:00", "type": "nessus", "title": "Apache Shiro < 1.11.0 Authentication Bypass", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-22602"], "modified": "2023-09-26T00:00:00", "cpe": ["cpe:/a:apache:shiro"], "id": "APACHE_SHIRO_CVE-2023-22602.NASL", "href": "https://www.tenable.com/plugins/nessus/181841", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(181841);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/26\");\n\n script_cve_id(\"CVE-2023-22602\");\n\n script_name(english:\"Apache Shiro < 1.11.0 Authentication Bypass\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A Java security framework is affected by an authentication bypass vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"Apache Shiro before 1.11.0, when using Apache Shiro with Spring Boot 2.6+, a specially crafted HTTP request may cause \nan authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different \npattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.apache.org/thread/dzj0k2smpzzgj6g666hrbrgsrlf9yhkl\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cd689850\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apache Shiro 1.11.0 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-22602\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:shiro\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"shiro_jar_detection.nbin\");\n script_require_keys(\"installed_sw/Apache Shiro\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app_info = vcf::get_app_info(app:'Apache Shiro');\n\nvar constraints = [\n {'fixed_version' : '1.11.0'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T19:34:22", "description": "It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-280 advisory.\n\n - Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability. (CVE-2023-33201)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-08-14T00:00:00", "type": "nessus", "title": "Amazon Linux 2023 : bouncycastle, bouncycastle-javadoc, bouncycastle-mail (ALAS2023-2023-280)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-33201"], "modified": "2023-08-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bouncycastle", "p-cpe:/a:amazon:linux:bouncycastle-javadoc", "p-cpe:/a:amazon:linux:bouncycastle-mail", "p-cpe:/a:amazon:linux:bouncycastle-pg", "p-cpe:/a:amazon:linux:bouncycastle-pkix", "p-cpe:/a:amazon:linux:bouncycastle-tls", "p-cpe:/a:amazon:linux:bouncycastle-util", "cpe:/o:amazon:linux:2023"], "id": "AL2023_ALAS2023-2023-280.NASL", "href": "https://www.tenable.com/plugins/nessus/179749", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-280.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(179749);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/14\");\n\n script_cve_id(\"CVE-2023-33201\");\n\n script_name(english:\"Amazon Linux 2023 : bouncycastle, bouncycastle-javadoc, bouncycastle-mail (ALAS2023-2023-280)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2023 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-280 advisory.\n\n - Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only\n affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During\n the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP\n search filter without any escaping, which leads to an LDAP injection vulnerability. (CVE-2023-33201)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2023/ALAS-2023-280.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2023-33201.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update bouncycastle --releasever 2023.1.20230809' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-33201\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/08/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bouncycastle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bouncycastle-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bouncycastle-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bouncycastle-pg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bouncycastle-pkix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bouncycastle-tls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bouncycastle-util\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2023\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2023\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2023\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'bouncycastle-1.70-4.amzn2023.0.3', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bouncycastle-javadoc-1.70-4.amzn2023.0.3', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bouncycastle-mail-1.70-4.amzn2023.0.3', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bouncycastle-pg-1.70-4.amzn2023.0.3', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bouncycastle-pkix-1.70-4.amzn2023.0.3', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bouncycastle-tls-1.70-4.amzn2023.0.3', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bouncycastle-util-1.70-4.amzn2023.0.3', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bouncycastle / bouncycastle-javadoc / bouncycastle-mail / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-01T12:40:11", "description": "The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by a DoS vulnerability in XStream component as referenced in the April 2023 CPU advisory. XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. (CVE-2022-41966)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-21T00:00:00", "type": "nessus", "title": "Oracle Enterprise Manager Ops Center (Apr 2023 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41966"], "modified": "2023-04-24T00:00:00", "cpe": ["cpe:/a:oracle:enterprise_manager_ops_center"], "id": "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_CPU_APR_2023.NASL", "href": "https://www.tenable.com/plugins/nessus/174627", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174627);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/24\");\n\n script_cve_id(\"CVE-2022-41966\");\n script_xref(name:\"IAVA\", value:\"2023-A-0209\");\n\n script_name(english:\"Oracle Enterprise Manager Ops Center (Apr 2023 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by a DoS \nvulnerability in XStream component as referenced in the April 2023 CPU advisory. XStream serializes Java \nobjects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application \nwith a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. \nThe attack uses the hash code implementation for collections and maps to force recursive hash calculation causing \na stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an \nInputManipulationException instead. (CVE-2022-41966)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuapr2023cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2023.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2023 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41966\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:enterprise_manager_ops_center\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_enterprise_manager_ops_center_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Enterprise Manager Ops Center\");\n\n exit(0);\n}\n\ninclude('vcf_extras_oracle_em_ops_center.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\n\nvar constraints = [\n {'min_version': '12.4.0.0', 'max_version': '12.4.0.9999', 'uce_patch': '35158624'}\n];\n\nvar app_info = vcf::oracle_em_ops_center::get_app_info();\n\nvcf::oracle_em_ops_center::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-09T15:50:36", "description": "According to the versions of the bcel package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0. (CVE-2022-42920)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2023-06-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : bcel (EulerOS-SA-2023-2137)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-42920"], "modified": "2023-06-09T00:00:00", "cpe": ["cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:bcel"], "id": "EULEROS_SA-2023-2137.NASL", "href": "https://www.tenable.com/plugins/nessus/177019", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(177019);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/06/09\");\n\n script_cve_id(\"CVE-2022-42920\");\n\n script_name(english:\"EulerOS 2.0 SP5 : bcel (EulerOS-SA-2023-2137)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the bcel package installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class\n characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce\n arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those\n APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to\n Apache Commons BCEL 6.6.0. (CVE-2022-42920)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-2137\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e46b3802\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bcel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42920\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bcel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"bcel-5.2-18.h1.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bcel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:41:54", "description": "It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2023-275 advisory.\n\n - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0. (CVE-2022-42920)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-25T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2023-275)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-42920"], "modified": "2023-01-25T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bcel", "p-cpe:/a:amazon:linux:bcel-javadoc", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2023-275.NASL", "href": "https://www.tenable.com/plugins/nessus/170618", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2023-275.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170618);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/25\");\n\n script_cve_id(\"CVE-2022-42920\");\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2023-275)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2023-275 advisory.\n\n - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class\n characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce\n arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those\n APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to\n Apache Commons BCEL 6.6.0. (CVE-2022-42920)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2023-275.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-42920.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update bcel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42920\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bcel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bcel-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'bcel-6.5.0-3.amzn2022.0.1', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bcel-javadoc-6.5.0-3.amzn2022.0.1', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bcel / bcel-javadoc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:38:56", "description": "The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:8958-1 advisory.\n\n - Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-14T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : bcel on SL7.x (noarch) (2022:8958)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-42920"], "modified": "2022-12-14T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:bcel", "p-cpe:/a:fermilab:scientific_linux:bcel-javadoc"], "id": "SL_20221213_BCEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/168734", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168734);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/14\");\n\n script_cve_id(\"CVE-2022-42920\");\n script_xref(name:\"RHSA\", value:\"RHSA-2022:8958\");\n\n script_name(english:\"Scientific Linux Security Update : bcel on SL7.x (noarch) (2022:8958)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nSLSA-2022:8958-1 advisory.\n\n - Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20228958-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bcel and / or bcel-javadoc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42920\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bcel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bcel-javadoc\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Scientific Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nvar os_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\nvar pkgs = [\n {'reference':'bcel-5.2-19.el7_9', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bcel-javadoc-5.2-19.el7_9', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bcel / bcel-javadoc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-25T15:57:43", "description": "The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-0005 advisory.\n\n - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0. (CVE-2022-42920)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-03T00:00:00", "type": "nessus", "title": "Oracle Linux 9 : bcel (ELSA-2023-0005)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-42920"], "modified": "2023-10-24T00:00:00", "cpe": ["cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:bcel"], "id": "ORACLELINUX_ELSA-2023-0005.NASL", "href": "https://www.tenable.com/plugins/nessus/169463", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2023-0005.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169463);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/24\");\n\n script_cve_id(\"CVE-2022-42920\");\n script_xref(name:\"IAVA\", value:\"2023-A-0559\");\n script_xref(name:\"IAVA\", value:\"2023-A-0563\");\n\n script_name(english:\"Oracle Linux 9 : bcel (ELSA-2023-0005)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the\nELSA-2023-0005 advisory.\n\n - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class\n characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce\n arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those\n APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to\n Apache Commons BCEL 6.6.0. (CVE-2022-42920)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2023-0005.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bcel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42920\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bcel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'bcel-6.4.1-9.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bcel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T18:36:49", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8958 advisory.\n\n - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0. (CVE-2022-42920)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-13T00:00:00", "type": "nessus", "title": "RHEL 7 : bcel (RHSA-2022:8958)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-42920"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:bcel", "p-cpe:/a:redhat:enterprise_linux:bcel-javadoc"], "id": "REDHAT-RHSA-2022-8958.NASL", "href": "https://www.tenable.com/plugins/nessus/168674", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:8958. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168674);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2022-42920\");\n script_xref(name:\"RHSA\", value:\"2022:8958\");\n\n script_name(english:\"RHEL 7 : bcel (RHSA-2022:8958)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:8958 advisory.\n\n - Apache Commons BCEL has a number of APIs that would normally only allow changing specific class\n characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce\n arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those\n APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to\n Apache Commons BCEL 6.6.0. (CVE-2022-42920)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-42920\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:8958\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bcel and / or bcel-javadoc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42920\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bcel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bcel-javadoc\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/debug',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/os',\n 'content/dist/rhel-alt/server/7/7Server/armv8-a/aarch64/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bcel-5.2-19.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bcel-javadoc-5.2-19.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bcel / bcel-javadoc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T19:30:28", "description": "The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2843-1 advisory.\n\n - Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability. (CVE-2023-33201)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-07-18T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 / openSUSE 15 Security Update : bouncycastle (SUSE-SU-2023:2843-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-33201"], "modified": "2023-07-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bouncycastle", "p-cpe:/a:novell:suse_linux:bouncycastle-pg", "p-cpe:/a:novell:suse_linux:bouncycastle-pkix", "p-cpe:/a:novell:suse_linux:bouncycastle-util", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2023-2843-1.NASL", "href": "https://www.tenable.com/plugins/nessus/178401", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:2843-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(178401);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/18\");\n\n script_cve_id(\"CVE-2023-33201\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:2843-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 / openSUSE 15 Security Update : bouncycastle (SUSE-SU-2023:2843-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are\naffected by a vulnerability as referenced in the SUSE-SU-2023:2843-1 advisory.\n\n - Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only\n affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During\n the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP\n search filter without any escaping, which leads to an LDAP injection vulnerability. (CVE-2023-33201)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1212508\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-July/015507.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b7bb650f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-33201\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-33201\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/07/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bouncycastle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bouncycastle-pg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bouncycastle-pkix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bouncycastle-util\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15|SUSE15\\.4|SUSE15\\.5)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLED_SAP15\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED_SAP15 SP4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3/4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(2|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP2/3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'bouncycastle-1.74-150200.3.21.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'bouncycastle-pg-1.74-150200.3.21.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'bouncycastle-pkix-1.74-150200.3.21.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'bouncycastle-util-1.74-150200.3.21.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'bouncycastle-1.74-150200.3.21.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'bouncycastle-pg-1.74-150200.3.21.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'bouncycastle-pkix-1.74-150200.3.21.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'bouncycastle-util-1.74-150200.3.21.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'bouncycastle-1.74-150200.3.21.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'bouncycastle-1.74-150200.3.21.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'bouncycastle-pg-1.74-150200.3.21.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'bouncycastle-pg-1.74-150200.3.21.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'bouncycastle-pkix-1.74-150200.3.21.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'bouncycastle-pkix-1.74-150200.3.21.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'bouncycastle-util-1.74-150200.3.21.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'bouncycastle-util-1.74-150200.3.21.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},\n {'reference':'bouncycastle-1.74-150200.3.21.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},\n {'reference':'bouncycastle-1.74-150200.3.21.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},\n {'reference':'bouncycastle-pg-1.74-150200.3.21.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},\n {'reference':'bouncycastle-pg-1.74-150200.3.21.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},\n {'reference':'bouncycastle-pkix-1.74-150200.3.21.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},\n {'reference':'bouncycastle-pkix-1.74-150200.3.21.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},\n {'reference':'bouncycastle-util-1.74-150200.3.21.1', 'sp':'5', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},\n {'reference':'bouncycastle-util-1.74-150200.3.21.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},\n {'reference':'bouncycastle-1.74-150200.3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'bouncycastle-pg-1.74-150200.3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'bouncycastle-pkix-1.74-150200.3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'bouncycastle-util-1.74-150200.3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},\n {'reference':'bouncycastle-1.74-150200.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'bouncycastle-pg-1.74-150200.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'bouncycastle-pkix-1.74-150200.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'bouncycastle-util-1.74-150200.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'bouncycastle-1.74-150200.3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},\n {'reference':'bouncycastle-pg-1.74-150200.3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},\n {'reference':'bouncycastle-pkix-1.74-150200.3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},\n {'reference':'bouncycastle-util-1.74-150200.3.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},\n {'reference':'bouncycastle-1.74-150200.3.21.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},\n {'reference':'bouncycastle-1.74-150200.3.21.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},\n {'reference':'bouncycastle-pg-1.74-150200.3.21.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},\n {'reference':'bouncycastle-pg-1.74-150200.3.21.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},\n {'reference':'bouncycastle-pkix-1.74-150200.3.21.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},\n {'reference':'bouncycastle-pkix-1.74-150200.3.21.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},\n {'reference':'bouncycastle-util-1.74-150200.3.21.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},\n {'reference':'bouncycastle-util-1.74-150200.3.21.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-development-tools-release-15.4', 'sled-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},\n {'reference':'bouncycastle-1.74-150200.3.21.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},\n {'reference':'bouncycastle-1.74-150200.3.21.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},\n {'reference':'bouncycastle-pg-1.74-150200.3.21.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},\n {'reference':'bouncycastle-pg-1.74-150200.3.21.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},\n {'reference':'bouncycastle-pkix-1.74-150200.3.21.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},\n {'reference':'bouncycastle-pkix-1.74-150200.3.21.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},\n {'reference':'bouncycastle-util-1.74-150200.3.21.1', 'sp':'5', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},\n {'reference':'bouncycastle-util-1.74-150200.3.21.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-development-tools-release-15.5', 'sled-release-15.5', 'sles-release-15.5']},\n {'reference':'bouncycastle-1.74-150200.3.21.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'bouncycastle-javadoc-1.74-150200.3.21.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'bouncycastle-mail-1.74-150200.3.21.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'bouncycastle-pg-1.74-150200.3.21.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'bouncycastle-pkix-1.74-150200.3.21.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'bouncycastle-tls-1.74-150200.3.21.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'bouncycastle-util-1.74-150200.3.21.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'bouncycastle-1.74-150200.3.21.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},\n {'reference':'bouncycastle-javadoc-1.74-150200.3.21.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},\n {'reference':'bouncycastle-jmail-1.74-150200.3.21.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},\n {'reference':'bouncycastle-mail-1.74-150200.3.21.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},\n {'reference':'bouncycastle-pg-1.74-150200.3.21.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},\n {'reference':'bouncycastle-pkix-1.74-150200.3.21.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},\n {'reference':'bouncycastle-tls-1.74-150200.3.21.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']},\n {'reference':'bouncycastle-util-1.74-150200.3.21.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bouncycastle / bouncycastle-javadoc / bouncycastle-jmail / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-07T18:18:02", "description": "The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3267 advisory.\n\n - XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable. (CVE-2022-41966)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-16T00:00:00", "type": "nessus", "title": "Debian DLA-3267-1 : libxstream-java - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41966"], "modified": "2023-09-07T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxstream-java", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DLA-3267.NASL", "href": "https://www.tenable.com/plugins/nessus/170076", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3267. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170076);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\"CVE-2022-41966\");\n\n script_name(english:\"Debian DLA-3267-1 : libxstream-java - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3267\nadvisory.\n\n - XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote\n attacker to terminate the application with a stack overflow error, resulting in a denial of service only\n via manipulation the processed input stream. The attack uses the hash code implementation for collections\n and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version\n 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential\n workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or\n set, is to change the default implementation of java.util.Map and java.util per the code example in the\n referenced advisory. However, this implies that your application does not care about the implementation of\n the map and all elements are comparable. (CVE-2022-41966)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027754\");\n # https://security-tracker.debian.org/tracker/source-package/libxstream-java\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2068716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2023/dla-3267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-41966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/libxstream-java\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the libxstream-java packages.\n\nFor Debian 10 buster, this problem has been fixed in version 1.4.11.1-1+deb10u4.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41966\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxstream-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'libxstream-java', 'reference': '1.4.11.1-1+deb10u4'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxstream-java');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2023-12-06T18:21:53", "description": "## Releases\n\n * Ubuntu 22.10 \n * Ubuntu 22.04 LTS\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * batik \\- SVG Library\n\nIt was discovered that Apache Batik incorrectly handled certain inputs. An \nattacker could possibly use this to perform a cross site request forgery \nattack. (CVE-2019-17566, CVE-2020-11987, CVE-2022-38398, CVE-2022-38648)\n\nIt was discovered that Apache Batik incorrectly handled Jar URLs in some \nsituations. A remote attacker could use this issue to access files on the \nserver. (CVE-2022-40146)\n\nIt was discovered that Apache Batik allowed running untrusted Java code from \nan SVG. An attacker could use this issue to cause a denial of service, \nor possibly execute arbitrary code. (CVE-2022-41704, CVE-2022-42890)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2023-05-30T00:00:00", "type": "ubuntu", "title": "Apache Batik vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17566", "CVE-2020-11987", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146", "CVE-2022-41704", "CVE-2022-42890"], "modified": "2023-05-30T00:00:00", "id": "USN-6117-1", "href": "https://ubuntu.com/security/notices/USN-6117-1", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "ibm": [{"lastseen": "2023-12-06T18:10:38", "description": "## Summary\n\nThis Security Vulnerablity has been addressed in IBM Engineering Test Management in newer releases\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-38648](<https://vulners.com/cve/CVE-2022-38648>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to fetch external resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-40146](<https://vulners.com/cve/CVE-2022-40146>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-38398](<https://vulners.com/cve/CVE-2022-38398>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to load a url thru the jar protocol. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nETM| 7.0.1 \nETM| 7.0.2 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading and applying the suggested fix that uses upgraded version of batik-all library. \n\nSuggested :\n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \nEngineering Test Management | 7.0.1| \n\nDownload and apply ETM 7.0.1 iFix22 from Fix Central [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Test+Management&release=7.0.1&platform=All&function=all>) \n \nEngineering Test Management | 7.0.2| Download and apply ETM 7.0.2 iFix22 from Fix Central [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Test+Management&release=7.0.2&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-02T07:45:16", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146"], "modified": "2023-05-02T07:45:16", "id": "ED8F8307E017F0B5E99D75B0A0278941C71E34AEAB269BE8FE00779D7C4262C4", "href": "https://www.ibm.com/support/pages/node/6987681", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T18:14:33", "description": "## Summary\n\nThere are several vulnerabilities in Apache Batik used by IBM Maximo Manage application in IBM Maximo Application Suite\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-40146](<https://vulners.com/cve/CVE-2022-40146>) \n**DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2022-38648](<https://vulners.com/cve/CVE-2022-38648>) \n**DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to fetch external resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2022-38398](<https://vulners.com/cve/CVE-2022-38398>) \n**DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to load a url thru the jar protocol. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Maximo Application Suite - Manage Component | \n\nMAS 8.8 - Manage 8.4 \n \n## Remediation/Fixes\n\n**For IBM Maximo Manage application in IBM Maximo Application Suite:**\n\nMaximo Application Suite Patch Fix or Release | Manage Patch Fix or Release \n---|--- \nUpgrade to MAS version 8.8.7 or latest Patch Fix available | 8.4.7 or latest (available from the Catalog under Update Available) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-04-04T21:55:52", "type": "ibm", "title": "Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146"], "modified": "2023-04-04T21:55:52", "id": "B443C6268C32A55B714975F403CE2E916F8F1924C5682DCFF02C21AFD815860C", "href": "https://www.ibm.com/support/pages/node/6980867", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T17:54:10", "description": "## Summary\n\nApache Batik is used by IBM Application Performance Management.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-40146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-38648](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to fetch external resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-38398](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to load a url thru the jar protocol. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud APM, Base Private| 8.1.4 \nIBM Cloud APM, Advanced Private| 8.1.4 \n \n## Remediation/Fixes\n\nIBM Cloud Application Performance Management, Base Private \n \nIBM Cloud Application Performance Management, Advanced Private| 8.1.4| \n\nThe vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0014 or later server patch to the system where the Cloud APM server is installed: <https://www.ibm.com/support/pages/node/7028410> \n \n---|---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-09-13T07:59:32", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Apache Batik affect IBM Application Performance Management products", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146"], "modified": "2023-09-13T07:59:32", "id": "C11BA9E14CD6800C4F5B26BAB241BCB07EF8006C97D429A46A56F40566B74CA8", "href": "https://www.ibm.com/support/pages/node/7031994", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T17:54:46", "description": "## Summary\n\nMultiple vulnerabilities have been identified in batik-bridge-1.7.jar which is shipped with IBM\u00ae Intelligent Operations Center. Information about these vulnerabilities affecting IBM\u00ae Intelligent Operations Center have been published and addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-40146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-38648](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to fetch external resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-38398](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to load a url thru the jar protocol. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIntelligent Operations Center (IOC)| 5.1.0, 5.1.0.2, 5.1.0.3, 5.1.0.4, 5.1.0.6, 5.2, 5.2.1, 5.2.2, 5.2.3 \n \n## Remediation/Fixes\n\nThe recommended solution is to apply an interim fix that contains the fix for this issue as soon as practical.\n\nDownload the IBM Intelligent Operations Center Version 5.2.4 is an upgrade to IBM Intelligent Operations Center Version 5.2.3 through IBM Intelligent Operations Center Version 5.2 from the following link:\n\n[IBM Intelligent Operations Center Version 5.2.4](<https://www.ibm.com/support/pages/node/7022369>)\n\nInstallation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-09-05T13:23:31", "type": "ibm", "title": "Security Bulletin: Vulnerabilities found in batik-bridge-1.7.jar which is shipped with IBM\u00ae Intelligent Operations Center(CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146"], "modified": "2023-09-05T13:23:31", "id": "EB4D77DF2606CC961A9837462FA9F768B43E2641736E483B9318E136D52C90D1", "href": "https://www.ibm.com/support/pages/node/7030631", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T18:14:27", "description": "## Summary\n\nThere are several vulnerabilities in Apache Batik used by IBM Maximo Asset Management.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2022-40146](<https://vulners.com/cve/CVE-2022-40146>) \n**DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2022-38648](<https://vulners.com/cve/CVE-2022-38648>) \n**DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to fetch external resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2022-38398](<https://vulners.com/cve/CVE-2022-38398>) \n**DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to load a url thru the jar protocol. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThis vulnerability affects the following versions of the IBM Maximo Asset Management core product. The recommended action is to update to the latest version.\n\n**Product versions affected:**\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Maximo Asset Management | 7.6.1.2 \nIBM Maximo Asset Management | 7.6.1.3 \n \n* To determine the core product version, log in and view System Information. The core product version is the \"Tivoli's process automation engine\" version. Please consult the [Platform Matrix](<https://www.ibm.com/support/pages/node/1288432> \"Platform Matrix\" ) for a list of supported product combinations.\n\n## Remediation/Fixes\n\nThe recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central (What is Fix Central?) and apply for each affected product as soon as possible. Please see below for information on the fixes available for each product, version, and release. Follow the installation instructions in the \u2018readme\u2019 documentation provided with each fix pack or interim fix. \n\n**For Maximo Asset Management 7.6:**\n\nVRM | Fix Pack, Feature Pack, or Interim Fix | Download \n---|---|--- \n7.6.1.2 | Maximo Asset Management 7.6.1.2 iFix: \n[7.6.1.2-TIV-MBS-IF031](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.1&platform=All&function=fixId&fixids=7.6.1.2-TIV-MBS-IF031&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp> \"7.6.1.2-TIV-MBS-IF031\" ) or latest Interim Fix available | [FixCentral](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.2&platform=All&function=all> \"FixCentral\" ) \n7.6.1.3 | \n\nMaximo Asset Management 7.6.1.3 iFix:\n\n[7.6.1.3-TIV-MBS-IF006](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.3&platform=All&function=fixId&fixids=7.6.1.3-TIV-MBS-IF006&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"7.6.1.3-TIV-MBS-IF006\" ) or latest Interim Fix available\n\n| \n\n[FixCentral](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=7.6.1.3&platform=All&function=all> \"FixCentral\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-04-05T15:03:48", "type": "ibm", "title": "Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Maximo Asset Management (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146"], "modified": "2023-04-05T15:03:48", "id": "78EEA56B2A5DF0C85488A5A142301BFC2DAF518E90B972461A497445D7F5E4DE", "href": "https://www.ibm.com/support/pages/node/6981109", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T17:59:11", "description": "## Summary\n\nThe IBM\u00ae Engineering System Design Rhapsody 9.0.1 iFix005 contains fix for CVE-2022-40146, CVE-2022-38648, CVE-2022-38398 batik-bridge-1.7.jar which is identified as a vulnerability during OSS scan. This version contains upgraded vresion of barik-bridge to batik-bridge-1.16.jar .jar\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-40146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-38648](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to fetch external resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-38398](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to load a url thru the jar protocol. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Engineering Systems Design Rhapsody| 9.0.1 \n \n## Remediation/Fixes\n\nFor the IBM\u00ae Engineering Design Rhapsody product versions 9.0.1, IBM strongly recommends addressing the vulnerability by applying a currently available [Rhapsody 901 SR1 iFix005](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Systems+Design+Rhapsody&release=9.0.1&platform=All&function=fixId&fixids=Rhapsody901Windows.9.0.1_iFix005&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"Rhapsody 901 SR1 iFix005\" ) full install.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-07-13T10:57:51", "type": "ibm", "title": "Security Bulletin: The IBM\u00ae Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixe for CVE-2022-40146, CVE-2022-38648, CVE-2022-38398 for batik-bridge-1.7.jar (Publicly disclosed vulnerability found by Mend)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146"], "modified": "2023-07-13T10:57:51", "id": "88B8DC6EA75D39C653142024A42B12BB1759F97DF4BF203772EFB3960C20E495", "href": "https://www.ibm.com/support/pages/node/7011741", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T17:52:30", "description": "## Summary\n\nThere are several vulnerabilities in Apache Batik used by IBM Jazz Reporting Service(JRS). This vulnerabiliity is addressed in JRS by upgrading to a version of Apache Batik that resolves the issue.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-40146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-38648](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to fetch external resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-38398](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to load a url thru the jar protocol. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Jazz Reporting Service| 7.0.2 \nIBM Jazz Reporting Service| 7.0.1 \n \n## Remediation/Fixes\n\nThe recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central and apply for each affected product as soon as possible. \nReleased a iFix version for Jazz Reporting Service 7.0.2 iFix021: To ensure users could protect themselves from this vulnerability, the upgraded version of Apache Batik-bridge has been released in this ifix.\n\n**Product**| **Version**| **iFix**| **Remediation / First Fix** \n---|---|---|--- \nIBM Jazz Reporting Service| 7.0.2| iFix021| [Fix Central - 7.0.2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Lifecycle+Management&release=All&platform=All&function=fixId&fixids=7.0.2-IBM-ELM-iFix021&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"Fix Central - 7.0.2\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-10-04T10:44:16", "type": "ibm", "title": "Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Jazz Reporting Service (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146"], "modified": "2023-10-04T10:44:16", "id": "8AC2B8BF18DFE033F865ED53A61B3DBEB5E0DF21D0F1634B030AAECB5AAD0C73", "href": "https://www.ibm.com/support/pages/node/7046974", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T18:10:34", "description": "## Summary\n\nThis Security Vulnerablity has been addressed in IBM Engineering Test Management in newer releases\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-38648](<https://vulners.com/cve/CVE-2022-38648>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw when calling the fop function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to fetch external resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236846](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236846>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-40146](<https://vulners.com/cve/CVE-2022-40146>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultScriptSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to access files using a Jar url. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-38398](<https://vulners.com/cve/CVE-2022-38398>) \n** DESCRIPTION: **Apache Batik is vulnerable to server-side request forgery, caused by a flaw in the DefaultExternalResourceSecurity function. By sending a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to load a url thru the jar protocol. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236845](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236845>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nETM| 7.0.1 \nETM| 7.0.2 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading and applying the suggested fix that uses upgraded version of batik-all library. \n\nSuggested :\n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \nEngineering Test Management | 7.0.1| \n\nDownload and apply ETM 7.0.1 iFix22 from Fix Central [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Test+Management&release=7.0.1&platform=All&function=all>) \n \nEngineering Test Management | 7.0.2| Download and apply ETM 7.0.2 iFix22 from Fix Central [here](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Test+Management&release=7.0.2&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-02T07:44:24", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-38398", "CVE-2022-38648", "CVE-2022-40146"], "modified": "2023-05-02T07:44:24", "id": "6DF11C48DBD150389BD788E33E0F9C8BBDAF1FA8674FAE3BD975AF6F35875619", "href": "https://www.ibm.com/support/pages/node/6987675", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T18:08:10", "description": "## Summary\n\nThis Security Bulletin addresses the security vulnerabilities that have been fixed within the IBM Operational Decision Manager. This product now includes fixes for the following security vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-1471](<https://vulners.com/cve/CVE-2022-1471>) \n** DESCRIPTION: **SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class. By using a specially-crafted yaml content, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241118](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241118>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L) \n \n** CVEID: **[CVE-2023-20861](<https://vulners.com/cve/CVE-2023-20861>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2023-1370](<https://vulners.com/cve/CVE-2023-1370>) \n** DESCRIPTION: **netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause a stack exhaustion and crash the software. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/249885](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249885>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-20860](<https://vulners.com/cve/CVE-2023-20860>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher in Spring Security configuration. An attacker could exploit this vulnerability to create a mismatch in pattern matching between Spring Security and Spring MVC. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Operational Decision Manager| 8.10.x \nIBM Operational Decision Manager| 8.11.x \n \n\n\n## Remediation/Fixes\n\nIBM Operational Decision Manager V8.10.5.1: \n\nInterim fix 34 for DT211502 is available from [IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Operational+Decision+Management&release=8.10.5.1&platform=All&function=all>):\n\n * 8.10.5.1-WS-ODM_K8S-PPC64LE-IF034\n * 8.10.5.1-WS-ODM_K8S-PPC64LE-IF034\n * 8.10.5.1-WS-ODM_K8S-LIN_X86-IF034\n * 8.10.5.1-WS-ODM_DC-IF034\n * 8.10.5.1-WS-ODM_DS-IF034\n * 8.10.5.1-WS-ODM_ENG-IF034\n\nIBM Operational Decision Manager V8.11.0.1:\n\nInterim fix 17 for DT211502 is available from [IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Operational+Decision+Management&release=8.11.0.1&platform=All&function=all>):\n\n * 8.11.0.1-WS-ODM-IF017\n * 8.11.0.1-WS-ODM_K8S-PPC64LE-IF017\n * 8.11.0.1-WS-ODM_K8S-LIN_S390-IF017\n * 8.11.0.1-WS-ODM_K8S-LIN_X86-IF017\n\nIBM Operational Decision Manager V8.11.1:\n\nInterim fix 5 for DT211502 is available from [IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Operational+Decision+Management&release=8.11.1.0&platform=All&function=all>):\n\n * 8.11.1.0-WS-ODM_K8S-LIN_S390-IF005\n * 8.11.1.0-WS-ODM_K8S-PPC64LE-IF005\n * 8.11.1.0-WS-ODM_K8S-LIN_X86-IF005\n * 8.11.1.0-WS-ODM-IF005\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-22T09:01:51", "type": "ibm", "title": "Security Bulletin: IBM Operational Decision Manager April 2023 - Multiple CVEs", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1471", "CVE-2023-1370", "CVE-2023-20860", "CVE-2023-20861"], "modified": "2023-05-22T09:01:51", "id": "06771A3637E9F001B4466A8447005903BB47184824F7551A5ACF477DA1657402", "href": "https://www.ibm.com/support/pages/node/6997063", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-08T18:09:11", "description": "## Summary\n\nPotential VMware Tanzu Spring Framework security bypass and denial of service vulnerabilities have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. [CVE-2023-20860, CVE-2023-20861]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20860](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher in Spring Security configuration. An attacker could exploit this vulnerability to create a mismatch in pattern matching between Spring Security and Spring MVC. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2023-20861](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Assistant for IBM Cloud Pak for Data| 4.0.2, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.5.1, 4.5.3, 4.6. 4.6.2, 4.6.3 \n \n## Remediation/Fixes\n\nFor all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest (v4.7.0 or later releases) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above.\n\n**Product Latest Version**| **Remediation/Fix/Instructions** \n---|--- \nIBM Watson Assistant for IBM Cloud Pak for Data 4.7.0| \n\nFollow instructions for Installing Watson Assistant in Link to Release (v4.7.0 release information)\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-07-06T18:07:00", "type": "ibm", "title": "Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Framework security bypass and denial of service vulnerabilities [CVE-2023-20860, CVE-2023-20861]", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20860", "CVE-2023-20861"], "modified": "2023-07-06T18:07:00", "id": "80A3730F540EB601DE7F4E1BAAA934E28FC226500C11CD3BA07406C977D4EE1C", "href": "https://www.ibm.com/support/pages/node/7010091", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-08T18:24:33", "description": "## Summary\n\nIBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of VMware Tanzu Spring Framework. IBM has addressed the. vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20861](<https://vulners.com/cve/CVE-2023-20861>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2023-20860](<https://vulners.com/cve/CVE-2023-20860>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher in Spring Security configuration. An attacker could exploit this vulnerability to create a mismatch in pattern matching between Spring Security and Spring MVC. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Discovery| 4.0.0-4.6.3 \n \n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 4.6.5\n\n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-02T22:18:56", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in VMware Tanzu Spring Framework", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20860", "CVE-2023-20861"], "modified": "2023-05-02T22:18:56", "id": "B14642F54A5107B24F27A9FCF4EB0B9FB85D1169572912D2BED9CD965A5B3F1C", "href": "https://www.ibm.com/support/pages/node/6983240", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-06T18:27:21", "description": "## Summary\n\nThis security bulletin addresses the vulnerabilities in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager (CVE-2022-46364,CVE-2022-46363). IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementation.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-46363](<https://vulners.com/cve/CVE-2022-46363>) \n** DESCRIPTION: **Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform directory listing or code exfiltration, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242009](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242009>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-46364](<https://vulners.com/cve/CVE-2022-46364>) \n** DESCRIPTION: **Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By using a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242008](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242008>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Application Dependency Discovery Manager| 7.3.0.0-7.3.0.10 \n \n\n\n## Remediation/Fixes\n\n**TADDM 7.3.0.5,7.3.0.8,7.3.0.9 and 7.3.0.10 : **The e-Fix in the table below can be downloaded and applied directly. \n\n**TADDM 7.3.0.6 and 7.3.0.7 : **If there are existing eFixes on these versions (ls -lrt etc/efix*), please contact IBM support and open a case for a custom version of the e-Fixes. Include the current e-Fix level (ls -lrt etc.efix*), TADDM version and a link to this bulletin. The e-Fix in the table below is created to be installed on the respective FixPacks only if there are no previously applied e-Fixes. \n\n**Fix **| **VRMF**| **APAR**| \n\n**How to acquire fix** \n \n---|---|---|--- \nefix_CVE-2022-46363-46364_FP5180802.zip | 7.3.0.5 | None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=ugzV81ptbAFNyZX4JHLJjydRCA9XwonwYOOaF8QwV88> \"Download eFix\" ) \nefix_CVE-2022-46363-46364_FP6190313.zip| 7.3.0.6| None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=X19mBOCfR2TLCexNq2L7GogVvRmOQS3mkxClFkS7IOo> \"Download eFix\" ) \nefix_CVE-2022-46363-46364_FP7200218.zip | 7.3.0.7| None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=vwOrgjBdcyIszBTY0pjCkIJaAMQG0A8nWZKVrjYIuqc> \"Download eFix\" ) \nefix_CVE-2022-46363-46364_FP10221123.zip | 7.3.0.8-7.3.0.10| None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=PrbIsnljFk3XoZAk8Nqx2OOODLmek9vPNghKkUabZok> \"Download eFix\" ) \n \n**Note:** Before TADDM 7.3.0.5, Java 7 was used and this CXF fix is applicable to Java 8. Hence, no e-Fix can be provided for versions before 7.3.0.5.\n\n## Workarounds and Mitigations\n\nFor customers on TADDM 7.3.0.3 or 7.3.0.4, recommendation is to upgrade to the latest version and then apply the e-fix directly. \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-16T14:20:09", "type": "ibm", "title": "Security Bulletin: Apache CXF vulnerability identified in IBM Tivoli Application Dependency Discovery Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-46363", "CVE-2022-46364"], "modified": "2023-01-16T14:20:09", "id": "EA4EC09665CE0CC62EAB829E3E3A3D0A5FF4869F26F4D8553EED6F15898938AB", "href": "https://www.ibm.com/support/pages/node/6855653", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:22:05", "description": "## Summary\n\nThis security bulletin addresses the vulnerabilitiy in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager (CVE-2022-46364). IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementation.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-46364](<https://vulners.com/cve/CVE-2022-46364>) \n** DESCRIPTION: **Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By using a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242008](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242008>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Application Dependency Discovery Manager| 7.3.0.0 - 7.3.0.10 \n \n\n\n## Remediation/Fixes\n\n**TADDM 7.3.0.5,7.3.0.8,7.3.0.9 and 7.3.0.10 : **The e-Fix in the table below can be downloaded and applied directly. \n\n**TADDM 7.3.0.6 and 7.3.0.7 : **If there are existing eFixes on these versions (ls -lrt etc/efix*), please contact IBM support and open a case for a custom version of the e-Fixes. Include the current e-Fix level (ls -lrt etc.efix*), TADDM version and a link to this bulletin. The e-Fix in the table below is created to be installed on the respective FixPacks only if there are no previously applied e-Fixes. \n\n**Fix **| **VRMF**| **APAR**| \n\n**How to acquire fix** \n \n---|---|---|--- \nefix_CVE-2022-46363-46364_FP5180802.zip| 7.3.0.5 | None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=mT50gEEt01Jax7Fgfn5Pi7lOcqDlZIo1zNiSH9dwDKE> \"Download eFix\" ) \nefix_CVE-2022-46363-46364_FP6190313.zip| 7.3.0.6| None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=qK4lOf68wmL6PdfArjw8HKpd1nBPe2IS1WHgw0BE5YU> \"Download eFix\" ) \nefix_CVE-2022-46363-46364_FP7200218.zip| 7.3.0.7| None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=eWMjTvDLde2e8od562w1m01Pn2aoo1tK9kGsdHwEdZs> \"Download eFix\" ) \nefix_CVE-2022-46363-46364_FP10221123.zip| 7.3.0.8-7.3.0.10| None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=lH62KLDsnv25WqYY6MaCnAtMUT4LAAzlqVT49BmmjrQ> \"Download eFix\" ) \n \n**Note:** Before TADDM 7.3.0.5, Java 7 was used and this CXF fix is applicable to Java 8. Hence, no e-Fix can be provided for versions before 7.3.0.5.\n\n## Workarounds and Mitigations\n\nFor customers on TADDM 7.3.0.3 or 7.3.0.4, recommendation is to upgrade to the latest version and then apply the e-fix directly. \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-02-16T03:56:40", "type": "ibm", "title": "Security Bulletin: WebSphere Application Server Liberty is vulnerable to server-side request forgery due to Apache CXF", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-46363", "CVE-2022-46364"], "modified": "2023-02-16T03:56:40", "id": "1769260F0173291381DE3B5A09A8B6E258D9F33436EAFB8EB073987978DAA12F", "href": "https://www.ibm.com/support/pages/node/6956223", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-08T18:23:28", "description": "## Summary\n\nVulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2023-20860, CVE-2023-20861). IBM has addressed the vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20861](<https://vulners.com/cve/CVE-2023-20861>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2023-20860](<https://vulners.com/cve/CVE-2023-20860>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher in Spring Security configuration. An attacker could exploit this vulnerability to create a mismatch in pattern matching between Spring Security and Spring MVC. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Application Dependency Discovery Manager| 7.3.0.0 -7.3.0.10 \n \n## Remediation/Fixes\n\nIn order to fix these vulnerabilities, Spring is to be upgraded to 5.3.26 version. The efix to resolve these vulnerabilities can only be applied to **TADDM version 7.3.0.9 or later versions** as per below given detailed steps. For customer at older TADDM Fixpack level (i.e., 7.3.0.8 or older), they need to first upgrade their TADDM environment to TADDM 7.3.0.9 level and then follow the step given below.\n\n**Detailed steps:**\n\n**For TADDM 7.3.0.9 & Above**, check if there is any previously applied eFixes in their TADDM environment.\n\n 1. If there is no prior efixes(ls -rlt etc/efix*) applied in their TADDM, then download the efix given in **Table-1 **and apply the efix.\n 2. If there are existing efixes on TADDM (ls -rlt etc/efix*), please contact IBM Support and open a case for a custom version of the eFix as the efix involves TADDM code changes. Include the current eFix level (ls -rlt etc/efix*), TADDM version and a link to this bulletin in the Support Case\n\n**For any other TADDM fixpack level** (i.e., 7.3.0.8 or older), to apply this bulletin, upgrade to TADDM 7.3.0.9 and then follow procedure as mentioned above for TADDM 7.3.0.9 & above .\n\n**Table-1**\n\nFix| \n\n**VRMF **\n\n| **APAR**| **How to acquire fix** \n---|---|---|--- \nefix_spring5.3.26_FP9211123.zip| \n\n7.3.0.9\n\n| None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=WbpPZTD1wdlrywcrr0sDuB50jIkiftCnXke76p9PN7E> \"Download eFix\" ) \nefix_spring5.3.26_FP10221123.zip| \n\n7.3.0.10\n\n| None| [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=1YFOTxuc7J4EPv00LCAx03sqwewY5uGtr7HXiualZgY> \"Download eFix\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-10T04:23:09", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2023-20860, CVE-2023-20861).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20860", "CVE-2023-20861"], "modified": "2023-05-10T04:23:09", "id": "5E8673679B8A7CD5483BEF7C6FAB8E288E9D1933C8AE5E03D18C5C841E14B811", "href": "https://www.ibm.com/support/pages/node/6986585", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-06T18:09:59", "description": "## Summary\n\nIBM ECM Content Management Interoperability Services (CMIS) cfx-core security vulnerabilities CVE-2022-46363, CVE-2022-46364, affected, not vulnerable\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-46363](<https://vulners.com/cve/CVE-2022-46363>) \n** DESCRIPTION: **Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform directory listing or code exfiltration, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242009](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242009>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-46364](<https://vulners.com/cve/CVE-2022-46364>) \n** DESCRIPTION: **Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By using a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242008](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242008>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nIBM ECM Content Management Interoperability Services (CMIS)\n\nAffected Product(s)| Version(s) \n---|--- \nCMIS| 3.0.7 \n \n\n\n## Remediation/Fixes\n\nTo resolve these vulnerabilities, install one of the patch sets listed below to upgrade to cfx-core v3.5.5 released December 13, 2022. \n\n**Product**| **VRMF**| **Remediation/First Fix** \n---|---|--- \nCMIS| 3.0.7| CMIS v3.0.7-IF2 - 4/28/2023 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-03T18:01:09", "type": "ibm", "title": "Security Bulletin: IBM ECM Content Management Interoperability Services (CMIS) cfx-core security vulnerabilities CVE-2022-46363, CVE-2022-46364", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-46363", "CVE-2022-46364"], "modified": "2023-05-03T18:01:09", "id": "BE0125A0244A48C63EDE3EEB023192A76A967E2BE6D206ACCD9E28DFD20C9EF3", "href": "https://www.ibm.com/support/pages/node/6988115", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:44:34", "description": "## Summary\n\nIBM TRIRIGA Application Platform discloses CVE-2020-13956\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-13956](<https://vulners.com/cve/CVE-2020-13956>) \n** DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2012-5783](<https://vulners.com/cve/CVE-2012-5783>) \n** DESCRIPTION: **Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79984>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM TRIRIGA| All \n \n\n\n## Remediation/Fixes\n\n**Product**| **VRMF**| \n\n**Remediation/First Fix** \n \n---|---|--- \nIBM TRIRIGA Application Platform| 3.6.1.3| The fix is available for download on [FixCentral](<https://www.ibm.com/mysupport/s/ibm-community-support-search-results?q=Tririga%203.6.1.3&language=en_US> \"FixCentral\" ). \nIBM TRIRIGA Application Platform| 3.7.0.1| The fix is available for download on [FixCentral](<https://www.ibm.com/mysupport/s/ibm-community-support-search-results?q=Tririga%203.7.0.1&language=en_US> \"FixCental\" ) \nIBM TRIRIGA Application Platform| 3.8.0.1| The fix is available for download on [FixCentral](<https://www.ibm.com/mysupport/s/ibm-community-support-search-results?q=Tririga%203.8.0.1&language=en_US> \"FixCental\" ) \nIBM TRIRIGA Application Platform| 4.0.2| The fix is available for download on [FixCentral](<https://www.ibm.com/mysupport/s/ibm-community-support-search-results?q=Tririga%204.0.2&language=en_US> \"FixCental\" ) \nIBM TRIRIGA Application Platform| 4.1.1| The fix is available for download on [FixCentral](<https://www.ibm.com/mysupport/s/ibm-community-support-search-results?q=Tririga%204.1.1&language=en_US> \"FixCental\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-08-30T16:54:09", "type": "ibm", "title": "Security Bulletin: IBM TRIRIGA Application Platform discloses CVE-2020-13956", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783", "CVE-2020-13956"], "modified": "2022-08-30T16:54:09", "id": "AAFF9E87667B35D62A52D77B8E5C3A000AE2419974F7C14545C23704BDDC171B", "href": "https://www.ibm.com/support/pages/node/6616303", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-06T18:44:26", "description": "## Summary\n\nIBM TRIRIGA Application Platform discloses CVE-2020-13956\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-13956](<https://vulners.com/cve/CVE-2020-13956>) \n** DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2012-5783](<https://vulners.com/cve/CVE-2012-5783>) \n** DESCRIPTION: **Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/79984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/79984>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM TRIRIGA| All \n \n\n\n## Remediation/Fixes\n\n**Product**| **VRMF**| \n\n**Remediation/First Fix** \n \n---|---|--- \nIBM TRIRIGA Application Platform| 3.6.1.3| The fix is available for download on [FixCentral](<https://www.ibm.com/mysupport/s/ibm-community-support-search-results?q=Tririga%203.6.1.3&language=en_US> \"FixCentral\" ). \nIBM TRIRIGA Application Platform| 3.7.0.1| The fix is available for download on [FixCentral](<https://www.ibm.com/mysupport/s/ibm-community-support-search-results?q=Tririga%203.7.0.1&language=en_US> \"FixCental\" ) \nIBM TRIRIGA Application Platform| 3.8.0.1| The fix is available for download on [FixCentral](<https://www.ibm.com/mysupport/s/ibm-community-support-search-results?q=Tririga%203.8.0.1&language=en_US> \"FixCental\" ) \nIBM TRIRIGA Application Platform| 4.0.2| The fix is available for download on [FixCentral](<https://www.ibm.com/mysupport/s/ibm-community-support-search-results?q=Tririga%204.0.2&language=en_US> \"FixCental\" ) \nIBM TRIRIGA Application Platform| 4.1.1| The fix is available for download on [FixCentral](<https://www.ibm.com/mysupport/s/ibm-community-support-search-results?q=Tririga%204.1.1&language=en_US> \"FixCental\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-08-30T16:54:42", "type": "ibm", "title": "Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2020-13956", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5783", "CVE-2020-13956"], "modified": "2022-08-30T16:54:42", "id": "A380C4CD3FFEF0D1AD28C9019320AF0085267A1FC55FD33D40E61A6A71DFDFF1", "href": "https://www.ibm.com/support/pages/node/6616305", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-11-08T18:07:37", "description": "## Summary\n\nMultiple vulnerabilities in VMware Tanzu Spring Framework used by InfoSphere Information Server were addressed. [CVE-2023-20861, CVE-2023-20860]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20861](<https://vulners.com/cve/CVE-2023-20861>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2023-20860](<https://vulners.com/cve/CVE-2023-20860>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher in Spring Security configuration. An attacker could exploit this vulnerability to create a mismatch in pattern matching between Spring Security and Spring MVC. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Information Server| 11.7 \n \n## Remediation/Fixes\n\nIBM strongly suggests you apply the following remediation / fixes:\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nInfoSphere Information Server, InfoSphere Information Server on Cloud| 11.7| [DT208807](<https://www.ibm.com/mysupport/aCI3p000000Pbcv> \"DT208807\" )| \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply InfoSphere Information Server version [11.7.1.4](<https://www.ibm.com/support/pages/node/6620275> \"\" ) \n\\--Apply InfoSphere Information Server [11.7.1.4 Service pack 1](<https://www.ibm.com/support/pages/node/6989459> \"11.7.1.4 Service pack 1\" ) \n\\--Apply Information Server Microservices tier [security patch](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FIBM+InfoSphere+Information+Server&fixids=is11714sp1rollup1_v1_microservices&function=fixId&parent=ibm/Information%20Management>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-07-14T21:57:21", "type": "ibm", "title": "Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Framework [CVE-2023-2861, CVE-2023-20860]", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20860", "CVE-2023-20861", "CVE-2023-2861"], "modified": "2023-07-14T21:57:21", "id": "BF12DA2AF18CCA8454149FE005837D2ED10EB8EF182BCBFA0C87F518AB51DFC6", "href": "https://www.ibm.com/support/pages/node/6988683", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-29T05:46:35", "description": "## Summary\n\nIBM Sterling B2B Integrator uses Spring Framework, which is affected by multiple vulnerabilies. This bulletin identifies the steps to take to address the vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20863](<https://exchange.xforce.ibmcloud.com/vulnerabilities/252807>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/252807](<https://exchange.xforce.ibmcloud.com/vulnerabilities/252807>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-20860](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher in Spring Security configuration. An attacker could exploit this vulnerability to create a mismatch in pattern matching between Spring Security and Spring MVC. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2023-20861](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.0.3.8 \nIBM Sterling B2B Integrator| 6.1.0.0 - 6.1.0.7, 6.1.1.0 - 6.1.1.3 and 6.1.2.0 - 6.1.2.2 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Product**| **Version**| **APAR**| **Remediation & Fix** \n---|---|---|--- \nIBM Sterling B2B Integrator| 6.0.0.0 - 6.0.3.8| IT44738| Apply 6.0.3.9 at the link below. \nIBM Sterling B2B Integrator| 6.1.0.0 - 6.1.0.7, 6.1.1.0 - 6.1.1.3 and 6.1.2.0 - 6.1.2.2| IT44738| Apply 6.1.0.8, 6.1.1.4, 6.1.2.3 or 6.2.0.0 at the link below. \n \nThe IIM versions of 6.0.3.9, 6.1.0.8, 6.1.1.4, and 6.1.2.3 are available on [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Sterling+B2B+Integrator&release=All&platform=All&function=all>). The IIM version of 6.2.0.0 is available on Passport Advantage\n\nThe container version of 6.1.1.4, 6.1.2.3 and 6.2.0.0 are available in IBM Entitled Registry.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-11-28T19:36:25", "type": "ibm", "title": "Security Bulletin: IBM Sterling B2B Integrator affected by multiples issues due to Spring Framework", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20860", "CVE-2023-20861", "CVE-2023-20863"], "modified": "2023-11-28T19:36:25", "id": "C4467BA3E5D72DC34C4794D5A8FA181453EC5DB5DE69C118BBD0C16B39DF12EF", "href": "https://www.ibm.com/support/pages/node/7084080", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-06T17:58:35", "description": "## Summary\n\nMultiple security vulnerabilities in the components used by IBM Security Verify Governance have been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-41946](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240853>) \n** DESCRIPTION: **Postgresql JDBC could allow a local authenticated attacker to obtain sensitive information, caused by not limit access to created readable files in the TemporaryFolder. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240853](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240853>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2022-46364](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242008>) \n** DESCRIPTION: **Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By using a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242008](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242008>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2023-24998](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) \n** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Security Verify Governance| 10.0 \n \n## Remediation/Fixes\n\n**IBM encourages customers to update their systems promptly.**\n\n**Affected Product**| **Version**| **Fix Availability \n** \n---|---|--- \nIBM Security Verify Governance| 10.0.1| \n\n[10.0.1.0-ISS-ISVG-IGVA-FP0005 ](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Security+Verify+Governance&release=10.0.1.4&platform=All&function=fixId&fixids=10.0.1.0-ISS-ISVG-IGVA-FP0005&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-07-18T06:05:30", "type": "ibm", "title": "Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities (CVE-2022-41946, CVE-2022-46364, CVE-2023-24998)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41946", "CVE-2022-46364", "CVE-2023-24998"], "modified": "2023-07-18T06:05:30", "id": "3DD81BAD784F59BB9BF823B92CEB58BE36823EB8A478E3D24C5A8417A3D90A2F", "href": "https://www.ibm.com/support/pages/node/7012647", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:51:52", "description": "## Summary\n\nIn addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.4\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2023-20883](<https://exchange.xforce.ibmcloud.com/vulnerabilities/255809>) \n**DESCRIPTION: **VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when Spring MVC is used together with a reverse proxy cache. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/255809](<https://exchange.xforce.ibmcloud.com/vulnerabilities/255809>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2023-4853](<https://exchange.xforce.ibmcloud.com/vulnerabilities/266748>) \n**DESCRIPTION: **Quarkus could allow a remote attacker to bypass security restrictions, caused by improper sanitization of requests. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass the security policy altogether. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/266748](<https://exchange.xforce.ibmcloud.com/vulnerabilities/266748>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2022-37599](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238443>) \n**DESCRIPTION: **loader-utils is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the interpolateName.js script. By sending specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238443](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238443>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2023-20860](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) \n**DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher in Spring Security configuration. An attacker could exploit this vulnerability to create a mismatch in pattern matching between Spring Security and Spring MVC. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Business Automation Manager Open Editions | 8.0.0 \nIBM Business Automation Manager Open Editions | 8.0.1 \nIBM Business Automation Manager Open Editions | 8.0.2 \nIBM Business Automation Manager Open Editions | 8.0.3 \n \n## Remediation/Fixes\n\nIBM strongly suggests the following remediation / fix: Product(s) | Version(s) | Remediation/Fix \n---|---|--- \nIBM Business Automation Manager Open Editions | 8.0.0, 8.0.1, 8.0.2, 8.0.3 | [Download 8.0.4](<https://www.ibm.com/support/pages/node/6596913> \"Download\u00a08.0.4\" ) and follow instructions. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-10-11T14:07:06", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.4", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-37599", "CVE-2023-20860", "CVE-2023-20883", "CVE-2023-4853"], "modified": "2023-10-11T14:07:06", "id": "B8C4BDE78039C235DB5ABE09DBC6F1D98FBA33CF267BC6664D1BC3488188161A", "href": "https://www.ibm.com/support/pages/node/7050933", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:58:55", "description": "## Summary\n\nMultiple vulnerabilities in Undertow used by IBM InfoSphere Information Server were addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-1259](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235004>) \n** DESCRIPTION: **Undertow is vulnerable to a denial of service, caused by a potential security issue in flow control over HTTP/2. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235004](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235004>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-4492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/248558>) \n** DESCRIPTION: **Undertow could provide weaker than expected security, caused by not checking the server identity the server certificate presents in HTTPS connections. An attacker could exploit this vulnerability to launch further attacks on the system \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/248558](<https://exchange.xforce.ibmcloud.com/vulnerabilities/248558>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2023-1108](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249912>) \n** DESCRIPTION: **Undertow is vulnerable to a denial of service, caused by an infinite loop in SslConduit during close on JDK 11. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/249912](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249912>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nInfoSphere Information Server| 11.7 \n \n## Remediation/Fixes\n\n**Product**| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nInfoSphere Information Server, InfoSphere Information Server on Cloud| 11.7| [DT214774](<https://www.ibm.com/mysupport/aCI3p000000Cye5> \"DT214774\" )| \\--Apply IBM InfoSphere Information Server version [11.7.1.0](<https://www.ibm.com/support/pages/node/878310>) \n\\--Apply InfoSphere Information Server version [11.7.1.4](<https://www.ibm.com/support/pages/node/6620275> \"\" ) \n\\--Apply InfoSphere Information Server [11.7.1.4 Service pack 1](<https://www.ibm.com/support/pages/node/6989459> \"\" ) \n\\--Apply Information Server [Microservices tier security patch](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FIBM+InfoSphere+Information+Server&fixids=is11714sp1rollup1_v1_microservices&function=fixId&parent=ibm/Information%20Management> \"Microservices tier security patch\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-07-14T21:09:05", "type": "ibm", "title": "Security Bulletin: IBM InfoSphere Information Server is affected but not vulnerable to multiple vulnerabilities in Undertow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1259", "CVE-2022-4492", "CVE-2023-1108"], "modified": "2023-07-14T21:09:05", "id": "E4DC9E8C28969F8B9231A83049A4883A1006D77B5AAE8BCF281A1020304FFA38", "href": "https://www.ibm.com/support/pages/node/7007051", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-06T18:32:47", "description": "## Summary\n\nNode.js module Engine.IO is used by IBM App Connect Enterprise Certified Container for communication between the DesignerAuthoring web console and the process running the DesignerAuthoring service. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability CVE-2022-41940 in node.js module Engine.IO.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-41940](<https://vulners.com/cve/CVE-2022-41940>) \n** DESCRIPTION: **Socket.IO Engine.IO is vulnerable to a denial of service, caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote authenticated attacker could exploit this vulnerability to cause the Node.js process to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240852>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nApp Connect Enterprise Certified Container| 4.1 \nApp Connect Enterprise Certified Container| 4.2 \nApp Connect Enterprise Certified Container| 5.0-lts \nApp Connect Enterprise Certified Container| 5.1 \nApp Connect Enterprise Certified Container| 5.2 \nApp Connect Enterprise Certified Container| 6.0 \nApp Connect Enterprise Certified Container| 6.1 \n \n\n\n## Remediation/Fixes\n\n**App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0 and 6.1 (Continuous Delivery)**\n\nUpgrade to App Connect Enterprise Certified Container Operator version 6.2.0 or higher, and ensure that all DesignerAuthoring components are at 12.0.7.0-r1 or higher. Documentation on the upgrade process is available at <https://www.ibm.com/docs/en/app-connect/containers_cd?topic=releases-upgrading-operator>\n\n**App Connect Enterprise Certified Container 5.0 LTS (Long Term Support)**\n\nUpgrade to App Connect Enterprise Certified Container Operator version 5.0.2 or higher, and ensure that all DesignerAuthoring components are at 12.0.6.0-r2-lts or higher. Documentation on the upgrade process is available at <https://www.ibm.com/docs/en/app-connect-contlts?topic=releases-upgrading-operator>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-12-01T16:56:11", "type": "ibm", "title": "Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to CVE-2022-41940", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41940"], "modified": "2022-12-01T16:56:11", "id": "1BAF608D1A964B0E2F147D8E7E6B08F8B9E235DC69D298DB718ECFA9B9CA2CE3", "href": "https://www.ibm.com/support/pages/node/6843917", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-11-08T18:05:47", "description": "## Summary\n\nIBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Boot which is vulnerable to CVE-2023-20883.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20883](<https://exchange.xforce.ibmcloud.com/vulnerabilities/255809>) \n** DESCRIPTION: **VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when Spring MVC is used together with a reverse proxy cache. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/255809](<https://exchange.xforce.ibmcloud.com/vulnerabilities/255809>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Maximo Application Suite - Monitor Component| 8.9 \nIBM Maximo Application Suite - Monitor Component| 8.10 \n \n## Remediation/Fixes\n\nAffected Product(s)| Fixpack Version(s) \n---|--- \nIBM Maximo Application Suite - Monitor Component| 8.9.6 or latest (available from the Catalog under Update Available) \nIBM Maximo Application Suite - Monitor Component| 8.10.4 or latest (available from the Catalog under Update Available) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-07-24T20:52:47", "type": "ibm", "title": "Security Bulletin: VMware Tanzu Spring Boot is vulnerable to CVE-2023-20883 used in IBM Maximo Application Suite - Monitor Component", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20883"], "modified": "2023-07-24T20:52:47", "id": "BE0194B134671D819C4CC0ABBEBC743B8E371412FE58CF33F0AFDD857719F1C6", "href": "https://www.ibm.com/support/pages/node/7014369", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-08T18:15:04", "description": "## Summary\n\nThere is a vulnerability in Spring Boot that could allow a remote attacker to execute a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20883](<https://exchange.xforce.ibmcloud.com/vulnerabilities/255809>) \n** DESCRIPTION: **VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when Spring MVC is used together with a reverse proxy cache. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/255809](<https://exchange.xforce.ibmcloud.com/vulnerabilities/255809>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Process Mining| \n\n1.14.0, 1.13.2, 1.13.1, 1.13.0, 1.12.0.5, 1.12.0.4 \n \n## Remediation/Fixes\n\n**Remediation/Fixes guidance**:\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Process Mining| \n\n1.14.0, 1.13.2, 1.13.1, 1.13.0, 1.12.0.5, 1.12.0.4\n\n \n \n\n\n| \n\n**Upgrade to version 1.14.1** \n \n1.Login to [PassPortAdvantage](<https://www-112.ibm.com/software/howtobuy/passportadvantage/homepage/paocustomer> \"PassPortAdvantage\" ) \n \n2\\. Search for \n**M0D0JML** \nProcess Mining 1.14.1 Server Multiplatform Multilingual \n \n3\\. Download package\n\n4\\. Follow install instructions \n \n5\\. Repeat for **M0D0KML** Process Mining 1.14.1 Client Windows Multilingual \n \n| | \n \n## Workarounds and Mitigations\n\n**Workarounds/Mitigation guidance**:\n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-06-27T10:59:35", "type": "ibm", "title": "Security Bulletin: Vulnerability in Spring Boot affects IBM Process Mining . CVE-2023-20883", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20883"], "modified": "2023-06-27T10:59:35", "id": "D826889E230B2C8A4B6067347009A7AE2FAEEE02034203EDF1641E589243220E", "href": "https://www.ibm.com/support/pages/node/7007349", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-06T18:09:49", "description": "## Summary\n\nThere is a vulnerability in Spring Security that could allow a remote attacker to bypass security restrictions. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-31692](<https://vulners.com/cve/CVE-2022-31692>) \n** DESCRIPTION: **VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include dispatcher types. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass authorization rules. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239162](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239162>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Process Mining| 1.13.1, 1.13.2 \n \n\n\n## Remediation/Fixes\n\n**Remediation/Fixes guidance**: \n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Process Mining| 1.13.1, 1.13.2| \n\n**Upgrade to version 1.14.0.0** \n \n1.Login to [PassPortAdvantage](<https://www-112.ibm.com/software/howtobuy/passportadvantage/homepage/paocustomer> \"PassPortAdvantage\" ) \n \n2\\. Search for \n**M0BMPML** Process Mining 1.14.0.0 Server Multiplatform Multilingual \n \n3\\. Download package\n\n4\\. Follow install instructions \n \n5\\. Repeat for **M0BMQML** Process Mining 1.14.0.0 Client Windows Multilingual \n \n| | \n \n## Workarounds and Mitigations\n\n**Workarounds/Mitigation guidance**: \n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-05T14:47:09", "type": "ibm", "title": "Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . CVE-2022-31692", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-31692"], "modified": "2023-05-05T14:47:09", "id": "45D6DC7F686DEB5F70B552B74591916A3F9AD37F71BB27CFBF970CEA57AC883F", "href": "https://www.ibm.com/support/pages/node/6988555", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:19:33", "description": "## Summary\n\nIBM Data Risk Manager (IDRM) 2.0.6.15, which is the only supported version, is impacted by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.16. Please see the remediation steps below to apply the fix. All customers are encouraged to act quickly to update their systems.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-45685](<https://vulners.com/cve/CVE-2022-45685>) \n** DESCRIPTION: **Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending an overly long string using JSON data, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242596](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242596>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-45693](<https://vulners.com/cve/CVE-2022-45693>) \n** DESCRIPTION: **Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242274](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242274>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-45143](<https://vulners.com/cve/CVE-2022-45143>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by not escape the type, message or description values in the JsonErrorReportValve function. By sending a specially-crafted request, an attacker could exploit this vulnerability to supply values that invalidated or manipulated the JSON output. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/243565](<https://exchange.xforce.ibmcloud.com/vulnerabilities/243565>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-40155](<https://vulners.com/cve/CVE-2022-40155>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236358](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236358>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40151](<https://vulners.com/cve/CVE-2022-40151>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40154](<https://vulners.com/cve/CVE-2022-40154>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236357](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236357>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40153](<https://vulners.com/cve/CVE-2022-40153>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236356](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236356>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40156](<https://vulners.com/cve/CVE-2022-40156>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236359](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236359>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-40152](<https://vulners.com/cve/CVE-2022-40152>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236355](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236355>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-46363](<https://vulners.com/cve/CVE-2022-46363>) \n** DESCRIPTION: **Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform directory listing or code exfiltration, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242009](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242009>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-41966](<https://vulners.com/cve/CVE-2022-41966>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By manipulating the processed input stream at unmarshalling time, a remote attacker could exploit this vulnerability to replace or inject objects and cause a denial of service. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/243448](<https://exchange.xforce.ibmcloud.com/vulnerabilities/243448>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H) \n \n** CVEID: **[CVE-2022-46364](<https://vulners.com/cve/CVE-2022-46364>) \n** DESCRIPTION: **Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By using a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242008](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242008>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2022-46908](<https://vulners.com/cve/CVE-2022-46908>) \n** DESCRIPTION: **SQLite could allow a remote attacker to bypass security restrictions, caused by a flaw when relying on --safe for execution of an untrusted CLI script. By sending a specially-crafted request, an attacker could exploit this vulnerability to read and write arbitrary files on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241893](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241893>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-41946](<https://vulners.com/cve/CVE-2022-41946>) \n** DESCRIPTION: **Postgresql JDBC could allow a local authenticated attacker to obtain sensitive information, caused by not limit access to created readable files in the TemporaryFolder. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240853](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240853>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2022-45046](<https://vulners.com/cve/CVE-2022-45046>) \n** DESCRIPTION: **Apache Camel is vulnerable to a denial of service, caused by a LDAP injection flaw in camel-ldap component when using the filter option. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241724](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241724>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-2964](<https://vulners.com/cve/CVE-2022-2964>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by multiple out-of-bounds reads and possible out-of-bounds writes flaw in the driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235652](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235652>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2023-25194](<https://vulners.com/cve/CVE-2023-25194>) \n** DESCRIPTION: **Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization when configuring the connector via the Kafka Connect REST API. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM DRM| 2.0.6.15 \n \n\n\n## Remediation/Fixes\n\n**IBM encourages customers to update their systems promptly.**\n\nTo obtain fixes for all reported issues, customers are advised first to upgrade to v2.0.6.15, and then apply the latest FixPack 2.0.6.16.\n\n_Product_| _VRMF_| _APAR \n_| _Remediation / First Fix_ \n---|---|---|--- \nIBM Data Risk Manager| 2.0.6.15| \n\n-\n\n| \n\n1) Apply [DRM_2.0.6.16_FixPack](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Data+Risk+Manager&release=2.0.6.15&platform=Linux&function=all>) \n \n---|---|---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-07T03:26:57", "type": "ibm", "title": "Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2964", "CVE-2022-40151", "CVE-2022-40152", "CVE-2022-40153", "CVE-2022-40154", "CVE-2022-40155", "CVE-2022-40156", "CVE-2022-41946", "CVE-2022-41966", "CVE-2022-45046", "CVE-2022-45143", "CVE-2022-45685", "CVE-2022-45693", "CVE-2022-46363", "CVE-2022-46364", "CVE-2022-46908", "CVE-2023-25194"], "modified": "2023-03-07T03:26:57", "id": "140B83BCFF2F315F23EAB3DB361BD5C3FE9817F6C4941D1D599E184A057314BF", "href": "https://www.ibm.com/support/pages/node/6960473", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-08T18:13:26", "description": "## Summary\n\nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in VMware Tanzu Spring Framework, by sending a specially crafted SpEL expression (CVE-2023-20861). VMware Tanzu Spring Framework is included as part of our speech microservices. This vulnerabilitiy has been addressed. Please read the details for remediation below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20861](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.6.6 \n \n \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading.\n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.7| The fix in 4.7 applies to all versions listed (4.0.0-4.6.6). Version 4.7 can be downloaded and installed from: <https://www.ibm.com/docs/en/cloud-paks/cp-data> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-06-28T20:44:09", "type": "ibm", "title": "Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in VMware Tanzu Spring Framework (CVE-2023-20861)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20861"], "modified": "2023-06-28T20:44:09", "id": "5EF5A403B9C7FB46E177956FF654880E820C1E6399F8D08DA056AC3336D99EAB", "href": "https://www.ibm.com/support/pages/node/7008091", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-11-11T21:47:28", "description": "## Summary\n\nThere is a vulnerability in Bouncy Castle Crypto Package that could allow a remote authenticated attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-33201](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) \n** DESCRIPTION: **The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 name of any certificate in the implementation of the X509LDAPCertStoreSpi.java class. By using blind LDAP injection attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258653](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Process Mining| \n\n1.14.1, 1.14.0, 1.13.2, 1.13.1, 1.13.0, 1.12.0.5, 1.12.0.4 \n \n## Remediation/Fixes\n\n**Remediation/Fixes guidance**:\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Process Mining| \n\n1.14.1,\n\n1.14.0, 1.13.2, 1.13.1, 1.13.0, 1.12.0.5, 1.12.0.4\n\n \n \n\n\n| \n\n**Upgrade to version 1.14.2** \n \n1.Login to [PassPortAdvantage](<https://www-112.ibm.com/software/howtobuy/passportadvantage/homepage/paocustomer> \"PassPortAdvantage\" ) \n \n2\\. Search for \n**M0FHQML** \nProcess Mining 1.14.2 Server Multiplatform Multilingual \n \n3\\. Download package\n\n4\\. Follow install instructions \n \n5\\. Repeat for **M0FHRML** Process Mining 1.14.2 Client Windows Multilingual \n \n| | \n \n## Workarounds and Mitigations\n\n**Workarounds/Mitigation guidance**:\n\nNone known\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-10-09T10:55:55", "type": "ibm", "title": "Security Bulletin: Vulnerability in Bouncy Castle Crypto Package affects IBM Process Mining . CVE-2023-33201", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-33201"], "modified": "2023-10-09T10:55:55", "id": "C41BB7D9468F79EBD4EB53FF3F0093C3D2B01040901E532E8D4FB142A0C3EBC4", "href": "https://www.ibm.com/support/pages/node/7048710", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-11T21:50:35", "description": "## Summary\n\nViewONE has a bundled version of Bouncy Castle containing a known security issue.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-33201](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) \n** DESCRIPTION: **The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 name of any certificate in the implementation of the X509LDAPCertStoreSpi.java class. By using blind LDAP injection attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258653](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nDaeja ViewONE Professional, Standard & Virtual| 5.0CD \n \n## Remediation/Fixes\n\nBouncy Castle library bundled with ViewONE has been updated for release 5.0.13 ifix 1.\n\n**Download**\n\n| \n\n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Other+software/Daeja+ViewONE+Virtual&release=5.0.13&platform=All&function=fixId&fixids=5.0.13_DAEJA_VIEWONE_IFIX001&includeSupersedes=0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Other+software/Daeja+ViewONE+Virtual&release=5.0.13&platform=All&function=fixId&fixids=5.0.13_DAEJA_VIEWONE_IFIX001&includeSupersedes=0> \"https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Other+software/Daeja+ViewONE+Virtual&release=5.0.13&platform=All&function=fixId&fixids=5.0.13_DAEJA_VIEWONE_IFIX001&includeSupersedes=0\" ) \n \n---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-18T16:15:11", "type": "ibm", "title": "Security Bulletin: Daeja ViewONE may be affected by Bouncy Castle Vulnerability (CVE-2023-33201)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-33201"], "modified": "2023-07-18T16:15:11", "id": "D70A548302FB88FE5083E2401F2C5DC3606927918AE7411F5FC1565E2C72328B", "href": "https://www.ibm.com/support/pages/node/7012809", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-11T21:48:20", "description": "## Summary\n\nIBM Maximo Application Suite uses The Bouncy Castle Crypto Package For Java (bc-java) package which is vulnerable to CVE-2023-33201.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-33201](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) \n** DESCRIPTION: **The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 name of any certificate in the implementation of the X509LDAPCertStoreSpi.java class. By using blind LDAP injection attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258653](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Maximo Application Suite - IoT Component| 8.9 \nIBM Maximo Application Suite - IoT Component| 8.10 \n \n## Remediation/Fixes\n\nAffected Product(s)| Fixpack Version(s) \n---|--- \nIBM Maximo Application Suite - IoT Component| 8.9.10 or [the latest (available from the Catalog under Update Available)](<https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading>) \nIBM Maximo Application Suite - IoT Component| 8.10.5 or [the latest (available from the Catalog under Update Available)](<https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-09-27T14:14:24", "type": "ibm", "title": "Security Bulletin: The Bouncy Castle Crypto Package For Java (bc-java) component is vulnerable to CVE-2023-33201 is used by IBM Maximo Application Suite", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-33201"], "modified": "2023-09-27T14:14:24", "id": "6D3FDAAD9932EDE749974072E84133279FC37F00C03E3EC8BA819C5E502E735D", "href": "https://www.ibm.com/support/pages/node/7028107", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T18:05:36", "description": "## Summary\n\nThere are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. VMware Tanzu Spring Security and Spring Framework could allow a remote attacker to bypass security restrictions. VMware Tanzu Spring Vault could allow a local authenticated attacker to obtain sensitive information. VMware Tanzu Spring Framework is vulnerable to a denial of service. The IBM Toolbox for Java could allow a user to obtain sensitive information. Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. Apache Commons FileUpload and Tomcat are vulnerable to a denial of service. snakeYAML is vulnerable to a denial of service. These components are used in IBM i Modernization Engine for Lifecycle Integration for infrastructure support in the platform. IBM has addressed the vulnerabilities in IBM i Modernization Engine for Lifecycle Integration with updates to affected components.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20862](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253351>) \n** DESCRIPTION: **VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by the logout support feature does not properly clean the security context if using serialized versions. By sending a specially-crafted request, an attacker could exploit this vulnerability to remain authenticated after logout is performed. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/253351](<https://exchange.xforce.ibmcloud.com/vulnerabilities/253351>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-43928](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241675>) \n** DESCRIPTION: **The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241675](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241675>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-45688](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242881>) \n** DESCRIPTION: **Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. By persuading a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242881](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242881>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-24998](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) \n** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-41854](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240890>) \n** DESCRIPTION: **snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/240890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/240890>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-20860](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher in Spring Security configuration. An attacker could exploit this vulnerability to create a mismatch in pattern matching between Spring Security and Spring MVC. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2023-20859](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250863>) \n** DESCRIPTION: **VMware Tanzu Spring Vault could allow a local authenticated attacker to obtain sensitive information, caused by the insertion of sensitive information into log sourced from failed revocation of tokens. By gaining access to the log files, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250863](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250863>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2023-20861](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2023-20863](<https://exchange.xforce.ibmcloud.com/vulnerabilities/252807>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/252807](<https://exchange.xforce.ibmcloud.com/vulnerabilities/252807>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM i Modernization Engine for Lifecycle Integration| 1.0 - 1.4.1 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| Remediation/Fix/Instructions \n---|---|--- \nIBM i Modernization Engine for Lifecycle Integration| 1.0 - 1.4.1| \nFollow [instructions](<https://www.ibm.com/docs/en/merlin/1.0?topic=guide-upgrade-merlin-platform-tools>) to download and install v1.4.2 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-06-07T14:32:28", "type": "ibm", "title": "Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41854", "CVE-2022-43928", "CVE-2022-45688", "CVE-2023-20859", "CVE-2023-20860", "CVE-2023-20861", "CVE-2023-20862", "CVE-2023-20863", "CVE-2023-24998"], "modified": "2023-06-07T14:32:28", "id": "15CC4FF31A1DE46652EF6155538BA9F196CB4AE25DF160DA9548558A555EF6C4", "href": "https://www.ibm.com/support/pages/node/7001851", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T13:46:37", "description": "## Summary\n\nPotential VMware Tanzu Spring Boot denial of service, vulnerability caused by a flaw when Spring MVC is used together with a reverse proxy cache have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. [CVE-2023-20883]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20883](<https://exchange.xforce.ibmcloud.com/vulnerabilities/255809>) \n** DESCRIPTION: **VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when Spring MVC is used together with a reverse proxy cache. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/255809](<https://exchange.xforce.ibmcloud.com/vulnerabilities/255809>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Affected Version(s) \n---|--- \nIBM Watson Assistant for IBM Cloud Pak for Data| All versions before v4.7.4 \n \n## Remediation/Fixes\n\nFor all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest (v4.7.4 or later releases) release of IBM Watson Assistant for IBM Cloud Pak for Data which maintains backward compatibility with the versions listed above.\n\n**Product Latest Version**| **Remediation/Fix/Instructions** \n---|--- \nIBM Watson Assistant for IBM Cloud Pak for Data 4.7.4| \n\nFollow instructions for Installing Watson Assistant in Link to Release (v4.7.4 release information)\n\n<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-12-07T11:00:03", "type": "ibm", "title": "Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to snappy-java information disclosure vulnerabilitiy [CVE-2023-20883]", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20883"], "modified": "2023-12-07T11:00:03", "id": "E751DCE21F29EAF8C53F07ACA212838F39A166C395D5A7D878764786B7AF464C", "href": "https://www.ibm.com/support/pages/node/7091455", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-06T18:24:22", "description": "## Summary\n\nIBM Jazz for Service Management is vulnerable to to All XStream (Publicly disclosed vulnerability) . XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. This has bundled with activemq-all-5.16.4 jar.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-41966](<https://vulners.com/cve/CVE-2022-41966>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By manipulating the processed input stream at unmarshalling time, a remote attacker could exploit this vulnerability to replace or inject objects and cause a denial of service. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/243448](<https://exchange.xforce.ibmcloud.com/vulnerabilities/243448>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nJazz for Service Management| 1.1.3 \n \n## Remediation/Fixes\n\n**Affected JazzSM Version**| **Recommended Fix.** \n---|--- \nJazz for Service Management versions 1.1.3.*| \n\nThe vulnerable Xstream package need to be removed from activemq-all-5.16.4.jar. \n\nFollow the give steps to remove xstream package,\n\n1\\. Backup the existing activemq-all-xxx.jar located under <JazzSM_HOME>/profile/installedApps/JazzSMNode01Cell/isc.ear/ \n2\\. Remove following files and folder with respect to xstream package from activemq-all-5.16.4.jar \n\\- com.sun.istack.XMLStreamReaderToContentHandler.class \n\\- com.sun.xml.bind.v2.runtime.output.StAXExStreamWriterOutput.class \n\\- com.sun.xml.bind.v2.runtime.output.XMLStreamWriterOutput.class \n\\- com.sun.xml.bind.v2.runtime .unmarshaller.StAXExConnector.class \n\\- com.sun.xml.bind.v2.runtime.unmarshaller.StAXStreamConnector.class \n\\- com.sun.xml.bind.v2.runtime.unmarshaller.StAXStreamConnector$1.class \n\\- com.sun.xml.bind.v2.runtime.unmarshaller. UnmarshallerImpl.class \n\\- org.apache.activemq.plugin.SubQueueSelectorCacheBroker$SubSelectorClassObjectInputStream.class \n\\- org.apache.activemq.store.kahadb.MessageDatabase$MessageDatabaseObjectInputStream.class \n\\- org.apache.activemq .transport.http.HttpTransportFactory.class \n\\- org.apache.activemq.transport.http.HttpTransportServer.class \n\\- org.apache.activemq.transport.http.HttpTunnelServlet.class \n\\- org.apache.activemq.transport.stomp.JmsFrameTranslator.class \n\\- org.apache.activemq.transport.stomp.JmsFrameTranslator$1.class \n\\- org.apache.activemq.util.ClassLoadingAwareObjectInputStream.class \n\\- org.apache.activemq.util.XStreamSupport.class \n\\- org.apache.camel.builder.DataFormatClause.class \n\\- org.apache.camel.model \n3\\. Rezip it and restart server \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-08T06:56:05", "type": "ibm", "title": "Security Bulletin: IBM Jazz for Service Management is vulnerable to All XStream (Publicly disclosed vulnerability) (CVE-2022-41966)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41966"], "modified": "2023-02-08T06:56:05", "id": "71E33CEC9CC6FECB7854DFBE46596F221624A1288A2A8D56D38109887FC10D51", "href": "https://www.ibm.com/support/pages/node/6953109", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-06T18:00:34", "description": "## Summary\n\nMultiple security vulnerabilities impacting Watson Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-0842](<https://exchange.xforce.ibmcloud.com/vulnerabilities/252153>) \n** DESCRIPTION: **xml2js could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/252153](<https://exchange.xforce.ibmcloud.com/vulnerabilities/252153>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2023-28708](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250740>) \n** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the missing of secure attribute in some configurations for JSESSIONID Cookie when using the RemoteIpFilter. By sniffing the network traffic, an attacker could exploit this vulnerability to obtain session cookie information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250740](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250740>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2023-24998](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) \n** DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-28959](<https://exchange.xforce.ibmcloud.com/vulnerabilities/252630>) \n** DESCRIPTION: **Juniper Networks Junos OS is vulnerable to a denial of service, caused by an improper check or handling of exceptional conditions vulnerability in packet processing. By sending a malformed packet, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/252630](<https://exchange.xforce.ibmcloud.com/vulnerabilities/252630>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-32681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/256114>) \n** DESCRIPTION: **python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization headers to destination servers during redirects to an HTTPS origin. By persuading a victim to click on a specially crafted URL, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/256114](<https://exchange.xforce.ibmcloud.com/vulnerabilities/256114>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-45787](<https://exchange.xforce.ibmcloud.com/vulnerabilities/244033>) \n** DESCRIPTION: **Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/244033](<https://exchange.xforce.ibmcloud.com/vulnerabilities/244033>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2023-31125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/254734>) \n** DESCRIPTION: **Engine.IO is vulnerable to a denial of service, caused by an uncaught exception. By sending a specially crafted HTTP request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/254734](<https://exchange.xforce.ibmcloud.com/vulnerabilities/254734>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-0286](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246611>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName. By passing arbitrary pointers to a memcmp call, a remote attacker could exploit this vulnerability to read memory contents or cause a denial of service. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246611](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246611>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H) \n \n** CVEID: **[CVE-2022-4492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/248558>) \n** DESCRIPTION: **Undertow could provide weaker than expected security, caused by not checking the server identity the server certificate presents in HTTPS connections. An attacker could exploit this vulnerability to launch further attacks on the system \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/248558](<https://exchange.xforce.ibmcloud.com/vulnerabilities/248558>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2023-1370](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249885>) \n** DESCRIPTION: **netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause a stack exhaustion and crash the software. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/249885](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249885>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-28155](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250386>) \n** DESCRIPTION: **Node.js Request module is vulnerable to server-side request forgery, caused by a cross-protocol redirect bypass flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct SSRF attack. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250386](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250386>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2023-20860](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher in Spring Security configuration. An attacker could exploit this vulnerability to create a mismatch in pattern matching between Spring Security and Spring MVC. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2022-46364](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242008>) \n** DESCRIPTION: **Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By using a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242008](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242008>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2023-0482](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246304>) \n** DESCRIPTION: **RESTEasy could allow a local authenticated attacker to gain elevated privileges on the system, caused by the creation of insecure temp files in the File.createTempFile() used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246304](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246304>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2023-20863](<https://exchange.xforce.ibmcloud.com/vulnerabilities/252807>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/252807](<https://exchange.xforce.ibmcloud.com/vulnerabilities/252807>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-20861](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2023-30861](<https://exchange.xforce.ibmcloud.com/vulnerabilities/254247>) \n** DESCRIPTION: **Pallets Flask could allow a remote attacker to obtain sensitive information, caused by missing Vary: Cookie header. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain permanent session cookie information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/254247](<https://exchange.xforce.ibmcloud.com/vulnerabilities/254247>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-1259](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235004>) \n** DESCRIPTION: **Undertow is vulnerable to a denial of service, caused by a potential security issue in flow control over HTTP/2. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235004](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235004>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-28955](<https://exchange.xforce.ibmcloud.com/vulnerabilities/251704>) \n** DESCRIPTION: **IBM Watson Knowledge Catalog on Cloud Pak for Data could allow an authenticated user send a specially crafted request that could cause a denial of service. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/251704](<https://exchange.xforce.ibmcloud.com/vulnerabilities/251704>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-1436](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250490>) \n** DESCRIPTION: **Jettison is vulnerable to a denial of service, caused by an infinite recursion when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250490](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250490>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2023-1108](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249912>) \n** DESCRIPTION: **Undertow is vulnerable to a denial of service, caused by an infinite loop in SslConduit during close on JDK 11. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/249912](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249912>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-1471](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241118>) \n** DESCRIPTION: **SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class. By using a specially-crafted yaml content, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241118](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241118>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L) \n \n** CVEID: **[CVE-2023-32695](<https://exchange.xforce.ibmcloud.com/vulnerabilities/256442>) \n** DESCRIPTION: **Socket.IO socket.io-parser is vulnerable to a denial of service, caused by an uncaught exception flaw on the Socket.IO server. By sending a specially crafted Socket.IO packet, a remote attacker could exploit this vulnerability to cause the Node.js process to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/256442](<https://exchange.xforce.ibmcloud.com/vulnerabilities/256442>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-20883](<https://exchange.xforce.ibmcloud.com/vulnerabilities/255809>) \n** DESCRIPTION: **VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when Spring MVC is used together with a reverse proxy cache. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/255809](<https://exchange.xforce.ibmcloud.com/vulnerabilities/255809>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** IBM X-Force ID: **254437 \n** DESCRIPTION: **Jose4J could allow a remote attacker to obtain sensitive information, caused by a chosen ciphertext attack in RSA1_5. By using cryptographic attack techniques, an attacker could exploit this vulnerability to decrypt RSA1_5 or RSA_OAEP encrypted ciphertexts. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/254437 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/254437>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Knowledge Catalog on-prem| 4.x \n \n## Remediation/Fixes\n\nUpgrade to Watson Knowledge Catalog for IBM Cloud Pak for Data 4.7: <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x?topic=overview-whats-new#whats-new__47>\n\n## Workarounds and Mitigations\n\nNone. Watson Knowledge Catalog for IBM Cloud Pak for Data must be upgraded\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-07-05T18:31:10", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities affecting Watson Knowledge Catalog for IBM Cloud Pak for Data", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1259", "CVE-2022-1471", "CVE-2022-4492", "CVE-2022-45787", "CVE-2022-46364", "CVE-2023-0286", "CVE-2023-0482", "CVE-2023-0842", "CVE-2023-1108", "CVE-2023-1370", "CVE-2023-1436", "CVE-2023-20860", "CVE-2023-20861", "CVE-2023-20863", "CVE-2023-20883", "CVE-2023-24998", "CVE-2023-28155", "CVE-2023-28708", "CVE-2023-28955", "CVE-2023-28959", "CVE-2023-30861", "CVE-2023-31125", "CVE-2023-32681", "CVE-2023-32695"], "modified": "2023-07-05T18:31:10", "id": "7F49152296CEC8D5B01F759C14D244EE9DFFFC65E1D2E857203E7F16426E96DF", "href": "https://www.ibm.com/support/pages/node/7009747", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-08T18:13:56", "description": "## Summary\n\nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in VMware Tanzu Spring Framework due to the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher [CVE-2023-20860]. Spring Framework is included as part of our speech microservices. This vulnerabilitiy has been addressed. Please read the details for remediation below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20860](<https://vulners.com/cve/CVE-2023-20860>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher in Spring Security configuration. An attacker could exploit this vulnerability to create a mismatch in pattern matching between Spring Security and Spring MVC. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.0.0 - 4.6.6 \n \n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading.\n\n**Product(s)**| **Version(s) \n**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Watson Speech Services Cartridge for IBM Cloud Pak for Data| 4.7| The fix in 4.7 applies to all versions listed (4.0.0-4.6.6). Version 4.7 can be downloaded and installed from: <https://www.ibm.com/docs/en/cloud-paks/cp-data>** \n** \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-06-28T19:44:02", "type": "ibm", "title": "Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in VMware Tanzu Spring Framework [CVE-2023-20860]", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20860"], "modified": "2023-06-28T19:44:02", "id": "93C5C41AEF731922565AB24789B4C9259F82323486524FD092496E93D6475A02", "href": "https://www.ibm.com/support/pages/node/7007885", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-08T18:20:51", "description": "## Summary\n\nIBM Sterling Connect:Direct for UNIX File Agent component is affected by security restriction bypass due to Spring Framework. Spring Framework has been upgraded in IBM Sterling Connect:Direct for UNIX File Agent component. [CVE-2023-20860]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20860](<https://vulners.com/cve/CVE-2023-20860>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher in Spring Security configuration. An attacker could exploit this vulnerability to create a mismatch in pattern matching between Spring Security and Spring MVC. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling Connect:Direct for UNIX| 6.2.0.0 - 6.2.0.6.iFix012 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by upgrading \n\n**Product**| **Version**| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Sterling Connect:Direct for UNIX| 6.2.0| Apply 6.2.0.6.iFix013, available on [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+UNIX&release=6.2.0.6&platform=All&function=fixId&fixids=6.2.0.6*iFix013*&includeSupersedes=0>). \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-18T17:28:21", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected by security restriction bypass due to Spring Framework [CVE-2023-20860]", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20860"], "modified": "2023-05-18T17:28:21", "id": "5D04198B54656ADFCB0B5E5C4A8A4890DED9C9BF882D524A7A1C4C8C84533CDB", "href": "https://www.ibm.com/support/pages/node/6995591", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-11T21:48:12", "description": "## Summary\n\nThe Bouncy Castle Crypto Package For Java is used by the MQ Client in IBM App Connect Enterprise Certified Container IntegrationServers and IntegrationRuntimes. This bulletin provides patch information to address the reported vulnerability in the Bouncy Castle Crypto Package For Java. [CVE-2023-33201]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-33201](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) \n** DESCRIPTION: **The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 name of any certificate in the implementation of the X509LDAPCertStoreSpi.java class. By using blind LDAP injection attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258653](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nApp Connect Enterprise Certified Container| 4.1 \nApp Connect Enterprise Certified Container| 4.2 \nApp Connect Enterprise Certified Container| 5.0-lts \nApp Connect Enterprise Certified Container| 5.1 \nApp Connect Enterprise Certified Container| 5.2 \nApp Connect Enterprise Certified Container| 6.0 \nApp Connect Enterprise Certified Container| 6.1 \nApp Connect Enterprise Certified Container| 6.2 \nApp Connect Enterprise Certified Container| 7.0 \nApp Connect Enterprise Certified Container| 7.1 \nApp Connect Enterprise Certified Container| 7.2 \nApp Connect Enterprise Certified Container| 8.0 \nApp Connect Enterprise Certified Container| 8.1 \nApp Connect Enterprise Certified Container| 8.2 \nApp Connect Enterprise Certified Container| 9.0 \nApp Connect Enterprise Certified Container| 9.1 \nApp Connect Enterprise Certified Container| 9.2 \n \n## Remediation/Fixes\n\nIBM strongly suggests the following: \n**App Connect Enterprise Certified Container 4.1.x to 9.2.x (Continuous Delivery)**\n\nUpgrade to App Connect Enterprise Certified Container Operator version 10.0.0 or higher, and ensure that all DesignerAuthoring, IntegrationServer and IntegrationRuntime components are at 12.0.9.0-r3 or higher. Documentation on the upgrade process is available at <https://www.ibm.com/docs/en/app-connect/containers_cd?topic=releases-upgrading-operator>\n\n \n**App Connect Enterprise Certified Container 5.0 LTS (Long Term Support)**\n\nUpgrade to App Connect Enterprise Certified Container Operator version 5.0.11 or higher, and ensure that all DesignerAuthoring and IntegrationServer components are at 12.0.9.0-r3-lts or higher. Documentation on the upgrade process is available at <https://www.ibm.com/docs/en/app-connect-contlts?topic=releases-upgrading-operator>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-09-28T15:39:04", "type": "ibm", "title": "Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands may be vulnerable to loss of confidentiality", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-33201"], "modified": "2023-09-28T15:39:04", "id": "17989E4772B41ADDD21B1FD11AC6F256628CC9443C137C7BEE4920FB3ECEF450", "href": "https://www.ibm.com/support/pages/node/7041738", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-08T18:05:46", "description": "## Summary\n\nIBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Framework which is vulnerable to CVE-2023-20860. IBM has addressed this vulnerability.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20860](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher in Spring Security configuration. An attacker could exploit this vulnerability to create a mismatch in pattern matching between Spring Security and Spring MVC. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Maximo Application Suite - Monitor Component| 8.9 \nIBM Maximo Application Suite - Monitor Component| 8.10 \n \n## Remediation/Fixes\n\nAffected Product(s)| Fixpack Version(s) \n---|--- \nIBM Maximo Application Suite - Monitor Component| 8.9.6 [or latest (available from the Catalog under Update Available)](<https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading>) \nIBM Maximo Application Suite - Monitor Component| 8.10.4 [or latest (available from the Catalog under Update Available)](<https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=upgrading>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-07-24T20:42:40", "type": "ibm", "title": "Security Bulletin: VMware Tanzu Spring Framework is vulnerable to CVE-2023-20860 used in IBM Maximo Application Suite - Monitor Component", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20860"], "modified": "2023-07-24T20:42:40", "id": "66F6F34BD142F19CBCF224012465A93D508DAF09BA3BDD358780FF0C99B5404D", "href": "https://www.ibm.com/support/pages/node/7014363", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-08T18:20:05", "description": "## Summary\n\nThere is a vulnerability in Spring Framework that could allow a remote authenticated attacker to bypass security restrictions. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. [CVE-2023-20860]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20860](<https://vulners.com/cve/CVE-2023-20860>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher in Spring Security configuration. An attacker could exploit this vulnerability to create a mismatch in pattern matching between Spring Security and Spring MVC. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Process Mining| \n\n1.13.2, 1.13.1 \n \n \n\n\n## Remediation/Fixes\n\n**Remediation/Fixes guidance**: \n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Process Mining| \n\n1.13.2, 1.13.1\n\n| \n\n**Upgrade to version 1.14.0.0** \n \n1.Login to [PassPortAdvantage](<https://www-112.ibm.com/software/howtobuy/passportadvantage/homepage/paocustomer> \"PassPortAdvantage\" ) \n \n2\\. Search for \n**M0BMPML** Process Mining 1.14.0.0 Server Multiplatform Multilingual \n \n3\\. Download package\n\n4\\. Follow install instructions \n \n5\\. Repeat for **M0BMQML** Process Mining 1.14.0.0 Client Windows Multilingual \n \n| | \n \n## Workarounds and Mitigations\n\n**Workarounds/Mitigation guidance**: \n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-29T13:35:27", "type": "ibm", "title": "Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining [CVE-2023-20860]", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20860"], "modified": "2023-05-29T13:35:27", "id": "B9C405A782AE3AD9D4937192BF84735323EFCD8597991C828246547C7B9B4DEB", "href": "https://www.ibm.com/support/pages/node/6999119", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-11-08T18:20:50", "description": "## Summary\n\nThere is a vulnerability in Spring Framework used by Integrated File Agent in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. [CVE-2023-20860]\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20860](<https://vulners.com/cve/CVE-2023-20860>) \n** DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by the use of an un-prefixed double wildcard pattern with the mvcRequestMatcher in Spring Security configuration. An attacker could exploit this vulnerability to create a mismatch in pattern matching between Spring Security and Spring MVC. \nCVSS Base score: 9.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Sterling Connect Direct for Microsoft Windows| 6.2.0.0 - 6.2.0.4_iFix032 \n \n\n\n## Remediation/Fixes\n\nIBM strongly recommends addressing the vulnerability now by updating. \n\n**Product(s)**| **Version(s)**| **Remediation / Fix** \n---|---|--- \nIBM Sterling Connect:Direct for Microsoft Windows| 6.2.0.0 - 6.2.0.4_iFix032| Apply [6.2.0.4_iFix033](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+Connect%3ADirect+for+Microsoft+Windows&release=6.2.0.4&platform=All&function=aparId&apars=IT43598> \"6.2.0.4_iFix033\" ), available on Fix Central \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-19T09:39:17", "type": "ibm", "title": "Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is affected by a security restrictions bypass due to Spring Framework [CVE-2023-20860]", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20860"], "modified": "2023-05-19T09:39:17", "id": "8B7BC825CAA1800876B2664D15849E00A0033705EBDA3BA002D10E3DB42CBDFC", "href": "https://www.ibm.com/support/pages/node/6995835", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-06T18:09:25", "description": "## Summary\n\nIBM Maximo Application Suite - Monitor Component uses Apache CXF which is vulnerable to CVE-2022-46364.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-46364](<https://vulners.com/cve/CVE-2022-46364>) \n** DESCRIPTION: **Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By using a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242008](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242008>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Maximo Application Suite - Monitor Component| 8.9.2 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Fixpack Version(s) \n---|--- \nIBM Maximo Application Suite - Monitor Component| 8.9.3, 8.10.0, or latest (available from the Catalog under Update Available) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-09T18:17:20", "type": "ibm", "title": "Security Bulletin: Apache CXF is vulnerable to CVE-2022-46364 used in IBM Maximo Application Suite - Monitor Component", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-46364"], "modified": "2023-05-09T18:17:20", "id": "A2FC2855758520999DA3A62F24DF6E922433F33747C5813815EA46D21860A053", "href": "https://www.ibm.com/support/pages/node/6989205", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:55:56", "description": "## Summary\n\nIBM Watson Machine Learning Accelerator 1.2.x is vulnerable to several vulnerabilities coming from dependent compoents. These are addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20863](<https://exchange.xforce.ibmcloud.com/vulnerabilities/252807>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/252807](<https://exchange.xforce.ibmcloud.com/vulnerabilities/252807>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-32732](<https://exchange.xforce.ibmcloud.com/vulnerabilities/257693>) \n** DESCRIPTION: **gRPC is vulnerable to a denial of service, caused by a base64 encoding error for \"-bin\" suffixed headers. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a termination of connection between a HTTP2 proxy and a gRPC server, and results in a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/257693](<https://exchange.xforce.ibmcloud.com/vulnerabilities/257693>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2023-20861](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2023-2976](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258199>) \n** DESCRIPTION: **Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary directory for file creation in FileBackedOutputStream. By sending a specially crafted request, an attacker could exploit this vulnerability to access the files in the default Java temporary directory, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258199](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258199>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2023-33201](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) \n** DESCRIPTION: **The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 name of any certificate in the implementation of the X509LDAPCertStoreSpi.java class. By using blind LDAP injection attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258653](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N) \n \n** CVEID: **[CVE-2023-1370](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249885>) \n** DESCRIPTION: **netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause a stack exhaustion and crash the software. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/249885](<https://exchange.xforce.ibmcloud.com/vulnerabilities/249885>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-3509](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239915>) \n** DESCRIPTION: **protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for textformat data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239915](<https://exchange.xforce.ibmcloud.com/vulnerabilities/239915>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-33953](<https://exchange.xforce.ibmcloud.com/vulnerabilities/263382>) \n** DESCRIPTION: **gRPC is vulnerable to a denial of service, caused by hpack table accounting errors. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/263382](<https://exchange.xforce.ibmcloud.com/vulnerabilities/263382>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-1428](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258439>) \n** DESCRIPTION: **gRPC is vulnerable to a denial of service. By sending a specially crafted header, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258439](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258439>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nPowerAI Enterprise| 1.2.0, 1.2.1, 1.2.2 \nIBM Watson Machine Learning Accelerator| 1.2.3 \n \n## Remediation/Fixes\n\nTo resolve these vulnerabilities, download interim fix dli-1.2.3-build601632-wmla from the following location: <https://www.ibm.com/eserver/support/fixes/> and install it in the IBM\u00ae Watson Machine Learning Accelerator 1.2.3 cluster.\n\nFor IBM\u00ae Watson Machine Learning Accelerator version 1.2.0, 1.2.1 and 1.2.2, refer to the upgrade process <https://www.ibm.com/docs/en/wmla/1.2.3?topic=upgrading-wml-accelerator> to the latest version 1.2.3 first, then apply the interim fix dli-1.2.3-build601632-wmla.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-08-18T21:24:09", "type": "ibm", "title": "Security Bulletin: Mutiple Vulnerabilties Affecting IBM Watson Machine Learning Accelerator", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-3509", "CVE-2023-1370", "CVE-2023-1428", "CVE-2023-20861", "CVE-2023-20863", "CVE-2023-2976", "CVE-2023-32732", "CVE-2023-33201", "CVE-2023-33953"], "modified": "2023-08-18T21:24:09", "id": "7C1B5D0FA031DA8FE69676846CB3E888C4ECACD67FAECEEE869017FFAD05FC00", "href": "https://www.ibm.com/support/pages/node/7028166", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-11T21:50:43", "description": "## Summary\n\nIBM App Connect for Manufacturing is vulnerable to a remote attack due to Bouncy Castle Crypto Package for Java (CVE-2023-33201). The fix includes version >=1.74.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-33201](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) \n** DESCRIPTION: **The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 name of any certificate in the implementation of the X509LDAPCertStoreSpi.java class. By using blind LDAP injection attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258653](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM App Connect for Manufacturing| 3.0.1.0 - 3.0.1.2 \nIBM App Connect for Manufacturing| 2.0.0.6 - 2.0.0.8 \n \n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now by applying the appropriate fix to IBM App Connect for Manufacturing**\n\nAffected Product(s)| Version(s)| APAR| Remediation / Fixes \n---|---|---|--- \nApp Connect for Manufacturing| 3.0.1.0 - 3.0.1.2| IT44071| \n\nInterim fix for APAR (IT44071) is available for IBM App Connect for Manufacturing 3.0.1.2 from \n\n[IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Manufacturing&release=3.0.1.2&platform=All&function=aparId&apars=IT44071>) \n \nApp Connect for Manufacturing| 2.0.0.6 - 2.0.0.8| IT44071| \n\nInterim fix for APAR (IT44071) is available for IBM App Connect for Manufacturing 2.0.0.8 from \n\n[IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+for+Manufacturing&release=2.0.0.8&platform=All&function=aparId&apars=IT44071>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-28T15:17:20", "type": "ibm", "title": "Security Bulletin: IBM App Connect for Manufacturing is vulnerable to a remote attack due to Bouncy Castle (CVE-2023-33201)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-33201"], "modified": "2023-07-28T15:17:20", "id": "32BBD5E4C84E40979E111BD9619FF2C80236B498208D1EC1CDCC9F130509EB79", "href": "https://www.ibm.com/support/pages/node/7015339", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-11T21:50:13", "description": "## Summary\n\nIBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Bouncy Castle. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-33201](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) \n** DESCRIPTION: **The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 name of any certificate in the implementation of the X509LDAPCertStoreSpi.java class. By using blind LDAP injection attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258653](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWatson Discovery| 4.0.0-4.7.0 \n \n## Remediation/Fixes\n\nUpgrade to IBM Watson Discovery 4.7.1\n\n<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-07-26T20:57:37", "type": "ibm", "title": "Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Bouncy Castle", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-33201"], "modified": "2023-07-26T20:57:37", "id": "B7FFCDCF2A3B1687DAB018D6101FFF57827679D4F90EB041E7706E9CCDAE5E54", "href": "https://www.ibm.com/support/pages/node/7012003", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-08T18:24:17", "description": "## Summary\n\nIBM ECM Content Management Interoperability Services (CMIS) spring-expression security vulnerability CVE-2023-20861, affected, not vulnerable\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20861](<https://vulners.com/cve/CVE-2023-20861>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCMIS| 3.0.7 \n \n \nIBM ECM Content Management Interoperability Services (CMIS)\n\n \n\n\n## Remediation/Fixes\n\nTo resolve these vulnerabilities, install one of the patch sets listed below to upgrade to spring-expression v5.3.26 & v6.0.7 released March 20, 2023. \n\n**Product**| **VRMF**| **Remediation/First Fix** \n---|---|--- \nCMIS| 3.0.7| CMIS v3.0.7-IF2 - 4/28/2023 \n \n \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-03T17:28:48", "type": "ibm", "title": "Security Bulletin: IBM ECM Content Management Interoperability Services (CMIS) spring-expression security vulnerability CVE-2023-20861", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20861"], "modified": "2023-05-03T17:28:48", "id": "8ED26CE4E3C008210C3B0D41D1736FDA7A3F645F5166198DFB321DDA28653695", "href": "https://www.ibm.com/support/pages/node/6988109", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-11-11T21:49:49", "description": "## Summary\n\nApp Connect Professional have addressed the following vulnerability reported in Bouncy Castle.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-33201](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) \n** DESCRIPTION: **The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 name of any certificate in the implementation of the X509LDAPCertStoreSpi.java class. By using blind LDAP injection attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258653](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nApp connect professional| v755 \n \n## Remediation/Fixes\n\nAffected Product| Version(s)| APAR| Fixcentral LinK \n---|---|---|--- \nApp Connect Professional| 7.5.5.0| LI83013| [7550 Fixcentral link](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm%2FWebSphere%2FApp+Connect+Professional&release=7.5.5.0&platform=All&function=fixId&fixids=7.5.5.0-WS-ACP-20230726-1453_H30_64-CUMUIFIX-021.builtDockerImage,7.5.5.0-WS-ACP-20230726-1453_H30_64-CUMUIFIX-021.docker,7.5.5.0-WS-ACP-20230726-1453_H30_64-CUMUIFIX-021.vcrypt2,7.5.5.0-WS-ACP-20230726-1453_H30_64-CUMUIFIX-021.sc-linux,7.5.5.0-WS-ACP-20230726-1453_H30_64-CUMUIFIX-021.32bit.sc-linux,7.5.5.0-WS-ACP-20230725-0510_H8_64-CUMUIFIX-021.studio,7.5.5.0-WS-ACP-20230726-1453_H30_64-CUMUIFIX-021.ova,7.5.5.0-WS-ACP-20230725-0510_H8_64-CUMUIFIX-021.32bit.studio,7.5.5.0-WS-ACP-20230726-1453_H30_64-CUMUIFIX-021.32bit.sc-win,7.5.5.0-WS-ACP-20230726-1453_H30_64-CUMUIFIX-021.sc-win,&includeSupersedes=0> \"7550 Fixcentral link\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-08-11T06:06:22", "type": "ibm", "title": "Security Bulletin: App Connect Professional is affected by Bouncy Castle vulnerability.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-33201"], "modified": "2023-08-11T06:06:22", "id": "B1E59CCCA8B3CF5EC7706FD13D0C0D0BAE04DA264E9776524A394476D0F03BEB", "href": "https://www.ibm.com/support/pages/node/7025330", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-11T21:48:25", "description": "## Summary\n\nVulnerability with bcprov-jdk (CVE-2023-33201) This vulnerability have been addressed in the latest ClevOS releases\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2023-33201](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) \n**DESCRIPTION: **The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 name of any certificate in the implementation of the X509LDAPCertStoreSpi.java class. By using blind LDAP injection attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/258653](<https://exchange.xforce.ibmcloud.com/vulnerabilities/258653>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Cloud Object System | 3.17.5.57 or Prior Releases \n \n## Remediation/Fixes\n\nProduct(s) | Version Number | Remediation/Fix \n---|---|--- \nIBM Cloud Object System | [3.17.5.79](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Cloud+Object+Storage+System&release=3.17.5.79&platform=All&function=all>) | [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Cloud+Object+Storage+System&release=3.17.5.79&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Cloud+Object+Storage+System&release=3.17.5.79&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}}, "published": "2023-09-25T20:55:33", "type": "ibm", "title": "Security Bulletin: Vulnerability with bcprov-jdk affect IBM Cloud Object Storage Systems (Sept2023)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-33201"], "modified": "2023-09-25T20:55:33", "id": "098DAC5AF0B044E2298F8FC1C3B8A064BD9D77BA0109151B6328C3F713B4F1D7", "href": "https://www.ibm.com/support/pages/node/7038966", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-11-08T18:24:00", "description": "## Summary\n\nThere is a vulnerability in Spring Framework that could allow a remote authenticated attacker to execute a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20861](<https://vulners.com/cve/CVE-2023-20861>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Process Mining| \n\n1.13.2, 1.13.1 \n \n \n\n\n## Remediation/Fixes\n\n**Remediation/Fixes guidance**: \n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Process Mining| \n\n1.13.2, 1.13.1\n\n| \n\n**Upgrade to version 1.14.0.0** \n \n1.Login to [PassPortAdvantage](<https://www-112.ibm.com/software/howtobuy/passportadvantage/homepage/paocustomer> \"PassPortAdvantage\" ) \n \n2\\. Search for \n**M0BMPML** Process Mining 1.14.0.0 Server Multiplatform Multilingual \n \n3\\. Download package\n\n4\\. Follow install instructions \n \n5\\. Repeat for **M0BMQML** Process Mining 1.14.0.0 Client Windows Multilingual \n \n| | \n \n## Workarounds and Mitigations\n\n**Workarounds/Mitigation guidance**: \n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-05T14:43:31", "type": "ibm", "title": "Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining . CVE-2023-20861", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20861"], "modified": "2023-05-05T14:43:31", "id": "9B805560D17020F4EAF3C66708B3C18DA24147481A5B8A0C640E3C666E540887", "href": "https://www.ibm.com/support/pages/node/6988553", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-11-08T18:25:12", "description": "## Summary\n\nIBM Business Automation Workflow packages a vulnerable copy of Spring expressions in /BPM/Lombardi/lib.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2023-20861](<https://vulners.com/cve/CVE-2023-20861>) \n** DESCRIPTION: **VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/250701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/250701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s)| Status \n---|---|--- \nIBM Business Automation Workflow containers| \n\nV22.0.2 - V22.0.2.IF003 \nV22.0.1 all fixes \nV21.0.3 - V21.0.3-IF019 \nV21.0.2 all fixes \nV20.0.0.2 all fixes \nV20.0.0.1 all fixes\n\n| affected \nIBM Business Automation Workflow traditional| V22.0.1 - V22.0.2 \nV21.0.1 - V21.0.3.1| affected \nIBM Business Automation Workflow traditional| V20.0.0.1 - V20.0.0.2 \nV19.0.0.1 - V19.0.0.3| not affected \nIBM Business Automation Workflow Enterprise Service Bus| V22.0.2| affected \n \nFor earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR [DT209212](<https://www.ibm.com/mysupport/s/defect/aCI3p0000000E6f/DT209212?language=en_US> \"DT209212\" ) as soon as practical.\n\nAffected Product(s)| Version(s)| Remediation / Fix \n---|---|--- \nIBM Business Automation Workflow containers| V22.0.2 - V22.0.2.IF003| Apply [22.0.2-IF004](<https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-2202-interim-fixes> \"22.0.2-IF004\" ) \nIBM Business Automation Workflow containers| V22.0.1| Upgrade to Business Automation Workflow on Containers 22.0.2 and apply [22.0.2-IF004](<https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-2202-interim-fixes> \"22.0.2-IF004\" ) \nIBM Business Automation Workflow containers| V21.0.3 - V21.0.3-IF019| Apply [21.0.3-IF020](<https://www.ibm.com/support/pages/node/6574109> \"21.0.3-IF020\" ) \nor upgrade to [22.0.2-IF004](<https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-2202-interim-fixes> \"22.0.2-IF004\" ) or later \nIBM Business Automation Workflow containers| V21.0.2 \nV20.0.0.1 - V20.0.0.2| Upgrade to [21.0.3-IF020](<https://www.ibm.com/support/pages/node/6574109> \"21.0.3-IF020\" ) \nor upgrade to [22.0.2-IF004](<https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-2202-interim-fixes> \"22.0.2-IF004\" ) or later \nIBM Business Automation Workflow traditional and IBM Business Automation Workflow Enterprise Service Bus| V22.0.2| Apply [DT209212](<https://www.ibm.com/mysupport/s/defect/aCI3p0000000E6f/DT209212?language=en_US> \"DT209212\" ) \nIBM Business Automation Workflow traditional| V21.0.3.1| Upgrade to [IBM Business Automation Workflow traditional V22.0.2](<https://www.ibm.com/support/pages/node/6830489> \"IBM Business Automation Workflow traditional V22.0.2\" ) and apply [DT209212](<https://www.ibm.com/mysupport/s/defect/aCI3p0000000E6f/DT209212?language=en_US> \"DT209212\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-04-28T17:07:05", "type": "ibm", "title": "Security Bulletin: Denial of Service vulnerability in Spring may affect IBM Business Automation Workflow - CVE-2023-20861", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20861"], "modified": "2023-04-28T17:07:05", "id": "331584D83A54AFF49B699DA058B3404ECCD8A3C07552045666CF6426AE94CC19", "href": "https://www.ibm.com/support/pages/node/6987089", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-12-06T18:10:40", "description": "## Summary\n\nApache CXF is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web service infrastructure. Information about security vulnerabilities affecting Apache CXF has been published in a security bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-46363](<https://vulners.com/cve/CVE-2022-46363>) \n** DESCRIPTION: **Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform directory listing or code exfiltration, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242009](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242009>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Business Service Manager| 6.2.0 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation \n---|---|---|--- \nIBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.4| 6.2.0.5| IJ45557| Upgrade to [IBM Tivoli Business Service Manager 6.2.0.5](<https://www.ibm.com/support/pages/node/6967337>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-04-30T21:16:36", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to remote code execution due to Apache CXF (CVE-2022-46363)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-46363"], "modified": "2023-04-30T21:16:36", "id": "8F2E0FA6476B005EAB110F058267A0DF6C6FC16CF30359EB670315D688EE98A6", "href": "https://www.ibm.com/support/pages/node/6987357", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-06T17:54:42", "description": "## Summary\n\nVulnerability have been identified in cxf-rt-transports-http-3.5.3.jar which is shipped with IBM\u00ae Intelligent Operations Center. Information about this vulnerability affecting IBM\u00ae Intelligent Operations Center have been published and addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-46363](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242009>) \n** DESCRIPTION: **Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform directory listing or code exfiltration, and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242009](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242009>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIntelligent Operations Center (IOC)| 5.1.0, 5.1.0.2, 5.1.0.3, 5.1.0.4, 5.1.0.6, 5.2, 5.2.1, 5.2.2, 5.2.3 \n \n## Remediation/Fixes\n\nThe recommended solution is to apply an interim fix that contains the fix for this issue as soon as practical.\n\nDownload the IBM Intelligent Operations Center Version 5.2.4 is an upgrade to IBM Intelligent Operations Center Version 5.2.3 through IBM Intelligent Operations Center Version 5.2 from the following link:\n\n[IBM Intelligent Operations Center Version 5.2.4](<https://www.ibm.com/support/pages/node/7022369>)\n\nInstallation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-09-05T13:29:17", "type": "ibm", "title": "Security Bulletin: Vulnerability found in cxf-rt-transports-http-3.5.3.jar which is shipped with IBM\u00ae Intelligent Operations Center(CVE-2022-46363)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-46363"], "modified": "2023-09-05T13:29:17", "id": "FA612F0F023D6918A8F9582D5AB6D4A1F189D6D644349320603EA1D26B88DF37", "href": "https://www.ibm.com/support/pages/node/7030635", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2023-12-06T18:41:19", "description": "This asynchronous update (7.11.1.P1) patches Red Hat Fuse 7.11.1 on Karaf and Red Hat Fuse 7.11.1 on Spring Boot and several includes security fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hazelcast: Hazelcast connection caching (CVE-2022-36437)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-26T21:53:56", "type": "redhat", "title": "(RHSA-2023:0483) Critical: Red Hat Fuse 7.11.1.P1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-36437", "CVE-2022-46363", "CVE-2022-46364"], "modified": "2023-01-26T21:54:23", "id": "RHSA-2023:0483", "href": "https://access.redhat.com/errata/RHSA-2023:0483", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:18", "description": "A security update for Red Hat Integration Camel Extensions for Quarkus 2.7-1 is now available.\n\nSecurity Fix(es):\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)\n\n* postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-03-09T10:45:20", "type": "redhat", "title": "(RHSA-2023:1177) Important: Red Hat Integration Camel Extension For Quarkus 2.7-1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41946", "CVE-2022-41966"], "modified": "2023-03-09T10:45:45", "id": "RHSA-2023:1177", "href": "https://access.redhat.com/errata/RHSA-2023:1177", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-06T18:41:14", "description": "Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of Red Hat support for Spring Boot 2.7.13 serves as a replacement for Red Hat support for Spring Boot 2.7.12, and includes security, bug fixes and enhancements. For more information, see the release notes linked in the References section.\n\nSecurity Fix(es):\n\n* snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n* undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* reactor-netty-http: Log request headers in some cases of invalid HTTP requests (CVE-2022-31684)\n\n* tomcat: JsonErrorReportValve injection (CVE-2022-45143)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-08-16T10:54:20", "type": "redhat", "title": "(RHSA-2023:4612) Important: Red Hat support for Spring Boot 2.7.13 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-46877", "CVE-2022-1471", "CVE-2022-31684", "CVE-2022-45143", "CVE-2023-1108", "CVE-2023-20860", "CVE-2023-20861"], "modified": "2023-08-16T10:54:37", "id": "RHSA-2023:4612", "href": "https://access.redhat.com/errata/RHSA-2023:4612", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-11-08T18:39:02", "description": "The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.\n\nThe following packages have been upgraded to a later upstream version: ovirt-dependencies (4.5.3), ovirt-engine (4.5.3.8), vdsm (4.50.3.8). (BZ#2180717)\n\nSecurity Fix(es):\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, a host with Secure Intel Icelake Server Family could become non-operational because it did not provide the \"taa-no\" CPU feature. \nIn this release, the check has been fixed in the Manager, and such hosts work properly. (BZ#2184623)\n\n* Previously, when creating bonds on a host outside the Manager and adding the host without starting it, the Rx\\Tx drop count is shown as null.\nAs a result, a Null Pointer Exception is thrown in the Administration Portal > Compute > Hosts > Network Interfaces tab.\nWith this release, null values are accepted, and there are no exceptions displayed in the Network Interfaces tab. (BZ#2180230)\n\n* Previously, the Volume Extend Logic method skipped sparse volumes. As a result, RAW sparse volumes (on file storage) were not extended properly.\nIn this release, RAW sparse volumes are extended as expected. (BZ#2210036)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-06-21T19:50:23", "type": "redhat", "title": "(RHSA-2023:3771) Important: Red Hat Virtualization security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-20860", "CVE-2023-20861"], "modified": "2023-06-21T19:50:46", "id": "RHSA-2023:3771", "href": "https://access.redhat.com/errata/RHSA-2023:3771", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-06T16:41:18", "description": "A security update for 2.13.2-1 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k (CVE-2022-41946)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-21T15:39:59", "type": "redhat", "title": "(RHSA-2023:0888) Moderate: Red Hat Integration Camel Extension For Quarkus 2.13.2-1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41881", "CVE-2022-41946"], "modified": "2023-02-21T15:40:28", "id": "RHSA-2023:0888", "href": "https://access.redhat.com/errata/RHSA-2023:0888", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-06T16:41:18", "description": "This release of Red Hat build of Eclipse Vert.x 4.3.7 GA includes security updates. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-16T12:55:24", "type": "redhat", "title": "(RHSA-2023:0577) Moderate: Red Hat build of Eclipse Vert.x 4.3.7 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-41854", "CVE-2022-41881"], "modified": "2023-02-16T12:55:44", "id": "RHSA-2023:0577", "href": "https://access.redhat.com/errata/RHSA-2023:0577", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-06T18:41:18", "description": "This release of Camel for Spring Boot 3.20.1 serves as a replacement for Camel for Spring Boot 3.18.3 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* JXPath: untrusted XPath expressions may lead to RCE attack (CVE-2022-41852)\n\n* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* apache-commons-net: FTP client trusts the host from PASV response by default (CVE-2021-37533)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* apache-spark: XSS vulnerability in log viewer UI Javascript (CVE-2022-31777)\n\n* Apache Pulsar: Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM (CVE-2022-33681)\n\n* apache-ivy: Directory Traversal (CVE-2022-37865)\n\n* : Apache Ivy: Ivy Path traversal (CVE-2022-37866)\n\n* batik: Server-Side Request Forgery (CVE-2022-38398)\n\n* batik: Server-Side Request Forgery (CVE-2022-38648)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)\n\n* snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)\n\n* snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)\n\n* batik: Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-40146)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40151)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40156)\n\n* batik: Apache XML Graphics Batik vulnerable to code execution via SVG (CVE-2022-41704)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* batik: Untrusted code execution in Apache XML Graphics Batik (CVE-2022-42890)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* shiro: Authentication bypass through a specially crafted HTTP request (CVE-2023-22602)\n\n* Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20863)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-05-03T14:03:49", "type": "redhat", "title": "(RHSA-2023:2100) Important: Red Hat Integration Camel for Spring Boot 3.20.1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37533", "CVE-2022-25857", "CVE-2022-31777", "CVE-2022-33681", "CVE-2022-37865", "CVE-2022-37866", "CVE-2022-38398", "CVE-2022-38648", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-38752", "CVE-2022-39368", "CVE-2022-40146", "CVE-2022-40150", "CVE-2022-40151", "CVE-2022-40152", "CVE-2022-40156", "CVE-2022-41704", "CVE-2022-41852", "CVE-2022-41853", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-41966", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42890", "CVE-2022-4492", "CVE-2023-1370", "CVE-2023-1436", "CVE-2023-20860", "CVE-2023-20861", "CVE-2023-20863", "CVE-2023-22602", "CVE-2023-24998"], "modified": "2023-05-03T14:04:16", "id": "RHSA-2023:2100", "href": "https://access.redhat.com/errata/RHSA-2023:2100", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:41:18", "description": "A security update for Camel K 1.10.1 is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed with this release.\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)(CVE-2023-1370)\n\n* codehaus-plexus: Directory Traversal (CVE-2022-4244)\n\n* codehaus-plexus: XML External Entity (XXE) Injection (CVE-2022-4245)\n\n* scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)\n\n* jdbc-postgresql: postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946)\n\n* Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2023-06-28T15:57:47", "type": "redhat", "title": "(RHSA-2023:3906) Important: Red Hat Integration Camel K 1.10.1 release security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-39368", "CVE-2022-41946", "CVE-2022-4244", "CVE-2022-4245", "CVE-2022-46363", "CVE-2023-1370"], "modified": "2023-06-28T15:58:10", "id": "RHSA-2023:3906", "href": "https://access.redhat.com/errata/RHSA-2023:3906", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-12-06T18:41:19", "description": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-29T11:34:42", "type": "redhat", "title": "(RHSA-2023:1513) Important: Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 8 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1471", "CVE-2022-38752", "CVE-2022-41853", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-4492", "CVE-2022-45787", "CVE-2023-0482", "CVE-2023-1108"], "modified": "2023-03-29T11:35:20", "id": "RHSA-2023:1513", "href": "https://access.redhat.com/errata/RHSA-2023:1513", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:41:19", "description": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-29T11:42:20", "type": "redhat", "title": "(RHSA-2023:1516) Important: Red Hat JBoss Enterprise Application Platform 7.4.10 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1471", "CVE-2022-38752", "CVE-2022-41853", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-4492", "CVE-2022-45787", "CVE-2023-0482", "CVE-2023-1108"], "modified": "2023-03-29T11:42:42", "id": "RHSA-2023:1516", "href": "https://access.redhat.com/errata/RHSA-2023:1516", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:41:19", "description": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-29T11:34:45", "type": "redhat", "title": "(RHSA-2023:1514) Important: Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1471", "CVE-2022-38752", "CVE-2022-41853", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-4492", "CVE-2022-45787", "CVE-2023-0482", "CVE-2023-1108"], "modified": "2023-03-29T11:35:16", "id": "RHSA-2023:1514", "href": "https://access.redhat.com/errata/RHSA-2023:1514", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T18:41:19", "description": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.9 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.10 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)\n\n* Undertow: Infinite loop in SslConduit during close (CVE-2023-1108)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-29T11:34:39", "type": "redhat", "title": "(RHSA-2023:1512) Important: Red Hat JBoss Enterprise Application Platform 7.4.10 on RHEL 7 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1471", "CVE-2022-38752", "CVE-2022-41853", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-4492", "CVE-2022-45787", "CVE-2023-0482", "CVE-2023-1108"], "modified": "2023-03-29T11:35:18", "id": "RHSA-2023:1512", "href": "https://access.redhat.com/errata/RHSA-2023:1512", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T16:41:18", "description": "This asynchronous update (7.11.1.P1) patches Red Hat Fuse 7.11.1 on EAP and includes the following security fix, which is documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hazelcast: Hazelcast connection caching (CVE-2022-36437)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2023-02-08T09:52:07", "type": "redhat", "title": "(RHSA-2023:0661) Critical: Red Hat Fuse 7.11.1.P1 security update for Fuse on EAP", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-36437"], "modified": "2023-02-08T09:52:23", "id": "RHSA-2023:0661", "href": "https://access.redhat.com/errata/RHSA-2023:0661", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-12-06T18:41:19", "description": "This patch, Camel for Spring Boot 3.14.5 Patch 1, serves as a replacement for the previous release of Camel for Spring Boot 3.14.5 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. This release of Camel for Spring Boot includes CXF artifacts that were missing from the previous 3.14.5 release.\n\nSecurity Fix(es):\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: If the value in map is the map's self, the new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)\n\nFor more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-30T17:10:04", "type": "redhat", "title": "(RHSA-2023:0544) Important: Red Hat Camel for Spring Boot 3.14.5 Patch 1 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-40149", "CVE-2022-45693", "CVE-2022-46363", "CVE-2022-46364"], "modified": "2023-01-30T17:10:19", "id": "RHSA-2023:0544", "href": "https://access.redhat.com/errata/RHSA-2023:0544", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-07T16:41:19", "description": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.3 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-05-10T11:18:46", "type": "redhat", "title": "(RHSA-2023:2707) Moderate: Red Hat Single Sign-On 7.6.3 security update on RHEL 9", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0341", "CVE-2022-38752", "CVE-2022-41854", "CVE-2022-41881", "CVE-2022-4492", "CVE-2022-45787", "CVE-2023-0482"], "modified": "2023-05-10T11:19:20", "id": "RHSA-2023:2707", "href": "https://access.redhat.com/errata/RHSA-2023:2707", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-07T16:41:19", "description": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.3 serves as a replacement for Red Hat Single Sign-On 7.6.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, a

(RHSA-2023:3954) Critical: Red Hat Fuse 7.12 release and security update

Description

Related