Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-22257 (GCVE-0-2024-22257)
Vulnerability from cvelistv5
Published
2024-03-18 14:18
Modified
2025-02-13 17:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Possible Broken Access Control in Spring Security With Direct Use of AuthenticatedVoter
Summary
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to
5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8,
versions 6.2.x prior to 6.2.3, an application is possible vulnerable to
broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| N/A | Spring Security |
Version: 6.2.0 to 6.2.2, 6.1.0 to 6.1.7, 6.0.0 to 6.0.9, 5.8.0 to 5.8.10, 5.7.0 to 5.7.11 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pivotal_software:spring_security:5.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:spring_security:5.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:spring_security:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:spring_security:6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:spring_security:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "spring_security",
"vendor": "pivotal_software",
"versions": [
{
"lessThanOrEqual": "5.7.11",
"status": "affected",
"version": "5.7.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.8.10",
"status": "affected",
"version": "5.8.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.9",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.7",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2.2",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T15:22:14.458591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T15:32:11.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2024-22257"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240419-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Security",
"vendor": "N/A",
"versions": [
{
"status": "affected",
"version": "6.2.0 to 6.2.2, 6.1.0 to 6.1.7, 6.0.0 to 6.0.9, 5.8.0 to 5.8.10, 5.7.0 to 5.7.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to \n5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, \nversions 6.2.x prior to 6.2.3, an application is possible vulnerable to \nbroken access control when it directly uses the \u003ccode\u003eAuthenticatedVoter#vote\u003c/code\u003e passing a \u003ccode\u003enull\u003c/code\u003e Authentication parameter."
}
],
"value": "In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to \n5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, \nversions 6.2.x prior to 6.2.3, an application is possible vulnerable to \nbroken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Possible Broken Access Control in Spring Security With Direct Use of AuthenticatedVoter",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T07:05:54.309Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2024-22257"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240419-0005/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-22257",
"datePublished": "2024-03-18T14:18:52.986Z",
"dateReserved": "2024-01-08T18:43:15.942Z",
"dateUpdated": "2025-02-13T17:33:39.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2024-AVI-0432
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.9.1 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 7.19.22 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.8.0 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.11.3 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.12.7 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.0 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.15.2 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.5.9 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.7.2 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.4.20 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.15.2 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.4.20 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.7 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.9.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 7.19.22",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.8.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.11.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.7",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.15.2",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.9",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.7.2",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.4.20",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.15.2",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.4.20",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.7",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2023-45859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45859"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"name": "CVE-2024-23672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
},
{
"name": "CVE-2024-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
},
{
"name": "CVE-2024-22257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22257"
},
{
"name": "CVE-2024-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21683"
}
],
"initial_release_date": "2024-05-22T00:00:00",
"last_revision_date": "2024-05-22T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0432",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25950",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25950"
},
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25949",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25949"
},
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-95839",
"url": "https://jira.atlassian.com/browse/CONFSERVER-95839"
},
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25896",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25896"
},
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-95834",
"url": "https://jira.atlassian.com/browse/CONFSERVER-95834"
},
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-95832",
"url": "https://jira.atlassian.com/browse/CONFSERVER-95832"
},
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25948",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25948"
},
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-25905",
"url": "https://jira.atlassian.com/browse/JSWSERVER-25905"
}
]
}
CERTFR-2024-AVI-0514
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Watson Explorer | Watson Explorer DAE Foundational Components versions 11.0.x antérieures à 11.0.2 Fix Pack 19 | ||
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à v5.0 | ||
| IBM | Storage Protect | Storage Protect for Virtual Environments: Data Protection pour Hyper-V et VMware versions 8.1.x antérieures à 8.1.23.0 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct pour Microsoft Windows versions 6.3.x antérieures à 6.3.0.3_iFix004 | ||
| IBM | Watson Explorer | Watson Explorer DAE Analytical Components versions 11.0.x antérieures à 11.0.2 Fix Pack 19 | ||
| IBM | Watson Explorer | Watson Explorer DAE Foundational Components versions 12.0.x antérieures à 12.0.3.15 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct pour Microsoft Windows versions 6.1.x antérieures à 6.1.0.2_iFix087 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct pour Microsoft Windows versions 6.0.x antérieures à 6.0.0.4_iFix088 | ||
| IBM | Watson Explorer | Watson Explorer DAE Analytical Components versions 12.0.x antérieures à 12.0.3.15 | ||
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à v5.0 | ||
| IBM | QRadar | QRadar Suite Software versions 1.10.x antérieures à 1.10.22.0 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct pour Microsoft Windows versions 6.2.x antérieures à 6.2.0.6_iFix020 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions 1.10.x antérieures à 1.10.22.0 | ||
| IBM | Storage Protect | Storage Protect Backup-Archive Client versions 8.1.x antérieures à 8.1.23.0 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Watson Explorer DAE Foundational Components versions 11.0.x ant\u00e9rieures \u00e0 11.0.2 Fix Pack 19",
"product": {
"name": "Watson Explorer",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.0",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Storage Protect for Virtual Environments: Data Protection pour Hyper-V et VMware versions 8.1.x ant\u00e9rieures \u00e0 8.1.23.0",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct pour Microsoft Windows versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.3_iFix004",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Watson Explorer DAE Analytical Components versions 11.0.x ant\u00e9rieures \u00e0 11.0.2 Fix Pack 19",
"product": {
"name": "Watson Explorer",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Watson Explorer DAE Foundational Components versions 12.0.x ant\u00e9rieures \u00e0 12.0.3.15",
"product": {
"name": "Watson Explorer",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct pour Microsoft Windows versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.2_iFix087",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct pour Microsoft Windows versions 6.0.x ant\u00e9rieures \u00e0 6.0.0.4_iFix088",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Watson Explorer DAE Analytical Components versions 12.0.x ant\u00e9rieures \u00e0 12.0.3.15",
"product": {
"name": "Watson Explorer",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.0",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions 1.10.x ant\u00e9rieures \u00e0 1.10.22.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct pour Microsoft Windows versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.6_iFix020",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions 1.10.x ant\u00e9rieures \u00e0 1.10.22.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Storage Protect Backup-Archive Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.23.0",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2024-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3772"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2024-34351",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34351"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2024-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22243"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2024-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
},
{
"name": "CVE-2023-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22795"
},
{
"name": "CVE-2024-23082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23082"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2020-8565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8565"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2024-22262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22262"
},
{
"name": "CVE-2021-32052",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32052"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2024-23672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2020-2659",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2659"
},
{
"name": "CVE-2024-30251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30251"
},
{
"name": "CVE-2024-27306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
},
{
"name": "CVE-2024-23807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23807"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2019-11250",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11250"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2024-27289",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27289"
},
{
"name": "CVE-2024-38329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38329"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2024-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
},
{
"name": "CVE-2020-2604",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2604"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2024-23081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23081"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2021-20264",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20264"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"name": "CVE-2024-22259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
},
{
"name": "CVE-2024-22257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22257"
},
{
"name": "CVE-2023-47726",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47726"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2024-1681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1681"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
}
],
"initial_release_date": "2024-06-21T00:00:00",
"last_revision_date": "2024-06-21T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0514",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-06-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7158042",
"url": "https://www.ibm.com/support/pages/node/7158042"
},
{
"published_at": "2024-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7157662",
"url": "https://www.ibm.com/support/pages/node/7157662"
},
{
"published_at": "2024-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7157750",
"url": "https://www.ibm.com/support/pages/node/7157750"
},
{
"published_at": "2024-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7157924",
"url": "https://www.ibm.com/support/pages/node/7157924"
},
{
"published_at": "2024-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7157753",
"url": "https://www.ibm.com/support/pages/node/7157753"
},
{
"published_at": "2024-06-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7157847",
"url": "https://www.ibm.com/support/pages/node/7157847"
},
{
"published_at": "2024-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7157927",
"url": "https://www.ibm.com/support/pages/node/7157927"
},
{
"published_at": "2024-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7157929",
"url": "https://www.ibm.com/support/pages/node/7157929"
}
]
}
CERTFR-2024-AVI-0595
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MYSQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server versions 8.0.38, 8.4.1 et 9.0.0 sans les derniers correctifs de sécurité pour la vulnérabilité CVE-2024-21185 | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.x sans les derniers correctifs de sécurité | ||
| Oracle | MySQL | MySQL Connectors versions 8.x sans les derniers correctifs de sécurité | ||
| Oracle | MySQL | MySQL Workbench versions antérieures à 8.0.38 | ||
| Oracle | MySQL | MySQL Cluster versions 7.5.x antérieures à 7.5.35, versions 7.6.x antérieures à 7.6.31, versions 8.0.x antérieures à 8.0.38, versions 8.4.x antérieures à 8.4.1 et versions 8.1.0 et 8.3.0 sans les derniers correctifs de sécurité | ||
| Oracle | MySQL | MySQL Server versions 8.0.x antérieures à 8.0.38, versions 8.2.x et 8.3.x sans les derniers correctifs de sécurité et versions 8.4.x antérieures à 8.4.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server versions 8.0.38, 8.4.1 et 9.0.0 sans les derniers correctifs de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-21185",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions ant\u00e9rieures \u00e0 8.0.38",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.5.x ant\u00e9rieures \u00e0 7.5.35, versions 7.6.x ant\u00e9rieures \u00e0 7.6.31, versions 8.0.x ant\u00e9rieures \u00e0 8.0.38, versions 8.4.x ant\u00e9rieures \u00e0 8.4.1 et versions 8.1.0 et 8.3.0 sans les derniers correctifs de s\u00e9curit\u00e9 ",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.x ant\u00e9rieures \u00e0 8.0.38, versions 8.2.x et 8.3.x sans les derniers correctifs de s\u00e9curit\u00e9 et versions 8.4.x ant\u00e9rieures \u00e0 8.4.1",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-21171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21171"
},
{
"name": "CVE-2024-21160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21160"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-21142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21142"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-21157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21157"
},
{
"name": "CVE-2024-21166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21166"
},
{
"name": "CVE-2024-21177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21177"
},
{
"name": "CVE-2024-22262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22262"
},
{
"name": "CVE-2024-21159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21159"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-21176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21176"
},
{
"name": "CVE-2024-21179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21179"
},
{
"name": "CVE-2024-20996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20996"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-21127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21127"
},
{
"name": "CVE-2024-21134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21134"
},
{
"name": "CVE-2024-21130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21130"
},
{
"name": "CVE-2024-21135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21135"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2024-21137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21137"
},
{
"name": "CVE-2024-21165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21165"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2024-21185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21185"
},
{
"name": "CVE-2024-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
},
{
"name": "CVE-2021-24112",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24112"
},
{
"name": "CVE-2024-21162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21162"
},
{
"name": "CVE-2024-21170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21170"
},
{
"name": "CVE-2024-21125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21125"
},
{
"name": "CVE-2024-21129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21129"
},
{
"name": "CVE-2024-22257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22257"
},
{
"name": "CVE-2024-21163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21163"
},
{
"name": "CVE-2024-21173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21173"
}
],
"initial_release_date": "2024-07-17T00:00:00",
"last_revision_date": "2024-07-17T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0595",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MYSQL. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": "2024-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2024",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixMSQL"
},
{
"published_at": "2024-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2024verbose",
"url": "https://www.oracle.com/security-alerts/cpujul2024verbose.html#MSQL"
}
]
}
CERTFR-2024-AVI-0232
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Spring Security. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Spring | N/A | Spring Security versions 6.2.x antérieures à 6.2.3 | ||
| Spring | N/A | Spring Security versions 5.7.x antérieures à 5.7.12 | ||
| Spring | N/A | Spring Security versions 6.0.x antérieures à 6.0.10 | ||
| Spring | N/A | Spring Security versions 5.8.x antérieures à 5.8.11 | ||
| Spring | N/A | Spring Security versions 6.1.x antérieures à 6.1.8 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Spring Security versions 6.2.x ant\u00e9rieures \u00e0 6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Spring Security versions 5.7.x ant\u00e9rieures \u00e0 5.7.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Spring Security versions 6.0.x ant\u00e9rieures \u00e0 6.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Spring Security versions 5.8.x ant\u00e9rieures \u00e0 5.8.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Spring Security versions 6.1.x ant\u00e9rieures \u00e0 6.1.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Spring",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-22257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22257"
}
],
"initial_release_date": "2024-03-19T00:00:00",
"last_revision_date": "2024-03-19T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Spring\u00a0CVE-2024-22257 du 18 mars 2024",
"url": "https://spring.io/security/cve-2024-22257/"
}
],
"reference": "CERTFR-2024-AVI-0232",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eles\nproduits Spring Security\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Spring Security",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Spring CVE-2024-22257 du 18 mars 2024",
"url": null
}
]
}
CERTFR-2024-AVI-0498
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | VIOS | VIOS version 4.1 avec un fichier python3.9.base versions antérieures à 3.9.18.3 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP8 IF03 | ||
| IBM | Db2 | IBM Db2 versions V10.5 et V11.1 sans le correctif de sécurité DT381013 | ||
| IBM | Db2 | IBM Db2 versions V11.1 et V11.5 sans le correctif de sécurité DT380983 | ||
| IBM | AIX | AIX version 7.3 avec un fichier python3.9.base versions antérieures à 3.9.18.3 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Microsoft Windows versions 6.3.0.x antérieures à 6.3.0.3_iFix003 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VIOS version 4.1 avec un fichier python3.9.base versions ant\u00e9rieures \u00e0 3.9.18.3",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP8 IF03",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions V10.5 et V11.1 sans le correctif de s\u00e9curit\u00e9 DT381013",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 versions V11.1 et V11.5 sans le correctif de s\u00e9curit\u00e9 DT380983",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.3 avec un fichier python3.9.base versions ant\u00e9rieures \u00e0 3.9.18.3",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.3_iFix003",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-15505",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15505"
},
{
"name": "CVE-2023-52448",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52448"
},
{
"name": "CVE-2022-45934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45934"
},
{
"name": "CVE-2023-45863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45863"
},
{
"name": "CVE-2023-6915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6915"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2024-26671",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26671"
},
{
"name": "CVE-2023-37453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37453"
},
{
"name": "CVE-2023-52489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52489"
},
{
"name": "CVE-2023-4133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4133"
},
{
"name": "CVE-2023-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4244"
},
{
"name": "CVE-2023-39193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39193"
},
{
"name": "CVE-2023-51779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51779"
},
{
"name": "CVE-2023-52340",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52340"
},
{
"name": "CVE-2024-26609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26609"
},
{
"name": "CVE-2024-22262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22262"
},
{
"name": "CVE-2023-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39189"
},
{
"name": "CVE-2023-38409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38409"
},
{
"name": "CVE-2023-39198",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39198"
},
{
"name": "CVE-2021-3753",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3753"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2023-28464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28464"
},
{
"name": "CVE-2023-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3567"
},
{
"name": "CVE-2023-52580",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52580"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2023-52574",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52574"
},
{
"name": "CVE-2022-3565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3565"
},
{
"name": "CVE-2023-31083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31083"
},
{
"name": "CVE-2023-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6176"
},
{
"name": "CVE-2022-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0500"
},
{
"name": "CVE-2024-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2023-51780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51780"
},
{
"name": "CVE-2023-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52434"
},
{
"name": "CVE-2024-25742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25742"
},
{
"name": "CVE-2024-25743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25743"
},
{
"name": "CVE-2024-26602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
},
{
"name": "CVE-2021-4204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4204"
},
{
"name": "CVE-2023-39192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39192"
},
{
"name": "CVE-2023-39194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39194"
},
{
"name": "CVE-2023-52620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52620"
},
{
"name": "CVE-2023-24023",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24023"
},
{
"name": "CVE-2023-6932",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6932"
},
{
"name": "CVE-2023-1513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1513"
},
{
"name": "CVE-2024-22257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22257"
},
{
"name": "CVE-2023-52581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52581"
},
{
"name": "CVE-2019-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13631"
},
{
"name": "CVE-2023-42755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42755"
},
{
"name": "CVE-2023-25775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25775"
},
{
"name": "CVE-2023-6622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6622"
},
{
"name": "CVE-2022-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23222"
},
{
"name": "CVE-2023-6121",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6121"
},
{
"name": "CVE-2023-42754",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42754"
}
],
"initial_release_date": "2024-06-14T00:00:00",
"last_revision_date": "2024-06-14T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0498",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7157223",
"url": "https://www.ibm.com/support/pages/node/7157223"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7156848",
"url": "https://www.ibm.com/support/pages/node/7156848"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7156850",
"url": "https://www.ibm.com/support/pages/node/7156850"
},
{
"published_at": "2024-06-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7157444",
"url": "https://www.ibm.com/support/pages/node/7157444"
},
{
"published_at": "2024-06-07",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7156774",
"url": "https://www.ibm.com/support/pages/node/7156774"
}
]
}
CERTFR-2025-AVI-0215
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Gemfire Management Console versions ant\u00e9rieures \u00e0 1.3.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2024-38286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
},
{
"name": "CVE-2024-45772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45772"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22243"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2024-22262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22262"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-36124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36124"
},
{
"name": "CVE-2024-23672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2024-38827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38827"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-38821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38821"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2024-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
},
{
"name": "CVE-2024-38808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-22259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
},
{
"name": "CVE-2024-22257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22257"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-52317",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52317"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2024-32473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32473"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
}
],
"initial_release_date": "2025-03-17T00:00:00",
"last_revision_date": "2025-03-17T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0215",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu Gemfire",
"vendor_advisories": [
{
"published_at": "2025-03-14",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 25509",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25509"
}
]
}
CERTFR-2026-AVI-0671
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits NetApp. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| NetApp | ONTAP tools pour VMware vSphere 10 | ONTAP tools pour VMware vSphere 10 versions antérieures à 10.3 | ||
| NetApp | Active IQ Unified Manager pour Microsoft Windows | Active IQ Unified Manager pour Microsoft Windows versions antérieures à 9.18P1 | ||
| NetApp | Brocade SAN Navigator (SANnav) | Brocade SAN Navigator (SANnav) versions antérieures à v2.3.1 | ||
| NetApp | Active IQ Unified Manager pour VMware vSphere | Active IQ Unified Manager pour VMware vSphere versions 9.18.x antérieures à 9.18P1 | ||
| NetApp | Active IQ Unified Manager pour Linux | Active IQ Unified Manager pour Linux versions antérieures à 9.18P1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ONTAP tools pour VMware vSphere 10 versions ant\u00e9rieures \u00e0 10.3",
"product": {
"name": "ONTAP tools pour VMware vSphere 10",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour Microsoft Windows versions ant\u00e9rieures \u00e0 9.18P1",
"product": {
"name": "Active IQ Unified Manager pour Microsoft Windows",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Brocade SAN Navigator (SANnav) versions ant\u00e9rieures \u00e0 v2.3.1",
"product": {
"name": "Brocade SAN Navigator (SANnav)",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour VMware vSphere versions 9.18.x ant\u00e9rieures \u00e0 9.18P1",
"product": {
"name": "Active IQ Unified Manager pour VMware vSphere",
"vendor": {
"name": "NetApp",
"scada": false
}
}
},
{
"description": "Active IQ Unified Manager pour Linux versions ant\u00e9rieures \u00e0 9.18P1",
"product": {
"name": "Active IQ Unified Manager pour Linux",
"vendor": {
"name": "NetApp",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-53816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53816"
},
{
"name": "CVE-2025-23367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23367"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"name": "CVE-2023-0482",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0482"
},
{
"name": "CVE-2024-22257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22257"
},
{
"name": "CVE-2025-53817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53817"
}
],
"initial_release_date": "2026-06-01T00:00:00",
"last_revision_date": "2026-06-01T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0671",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits NetApp. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits NetApp",
"vendor_advisories": [
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20240419-0005",
"url": "https://security.netapp.com/advisory/NTAP-20240419-0005"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20251107-0004",
"url": "https://security.netapp.com/advisory/NTAP-20251107-0004"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20251128-0012",
"url": "https://security.netapp.com/advisory/NTAP-20251128-0012"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20240524-0015",
"url": "https://security.netapp.com/advisory/NTAP-20240524-0015"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20260102-0015",
"url": "https://security.netapp.com/advisory/NTAP-20260102-0015"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20230427-0001",
"url": "https://security.netapp.com/advisory/NTAP-20230427-0001"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 NetApp NTAP-20250829-0002",
"url": "https://security.netapp.com/advisory/NTAP-20250829-0002"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…