Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-8331 (GCVE-0-2019-8331)
Vulnerability from cvelistv5 – Published: 2019-02-20 16:00 – Updated: 2024-08-04 21:17- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107375",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107375"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "RHSA-2019:1456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "[flink-user] 20190811 Apache flink 1.7.2 security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-user] 20190813 Apache flink 1.7.2 security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E"
},
{
"name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"
},
{
"name": "RHSA-2019:3023",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"name": "RHSA-2019:3024",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/twbs/bootstrap/pull/28236"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K24383845"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K24383845?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-22T17:06:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "107375",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107375"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "RHSA-2019:1456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "[flink-user] 20190811 Apache flink 1.7.2 security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-user] 20190813 Apache flink 1.7.2 security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E"
},
{
"name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"
},
{
"name": "RHSA-2019:3023",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"name": "RHSA-2019:3024",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/twbs/bootstrap/pull/28236"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K24383845"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K24383845?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107375"
},
{
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"name": "RHSA-2019:1456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"name": "[flink-user] 20190811 Apache flink 1.7.2 security issues",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-user] 20190813 Apache flink 1.7.2 security issues",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E"
},
{
"name": "[superset-dev] 20190926 Re: [VOTE] Release Superset 0.34.1 based on Superset 0.34.1rc1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E"
},
{
"name": "RHSA-2019:3023",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"name": "RHSA-2019:3024",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"name": "[hbase-issues] 20201116 [GitHub] [hbase] symat opened a new pull request #2661: HBASE-25261 Upgrade Bootstrap to 3.4.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://github.com/twbs/bootstrap/pull/28236",
"refsource": "MISC",
"url": "https://github.com/twbs/bootstrap/pull/28236"
},
{
"name": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1",
"refsource": "MISC",
"url": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1"
},
{
"name": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/",
"refsource": "CONFIRM",
"url": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/"
},
{
"name": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1",
"refsource": "MISC",
"url": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1"
},
{
"name": "https://support.f5.com/csp/article/K24383845",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K24383845"
},
{
"name": "https://support.f5.com/csp/article/K24383845?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K24383845?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-8331",
"datePublished": "2019-02-20T16:00:00.000Z",
"dateReserved": "2019-02-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:31.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2026-AVI-0249
Vulnerability from certfr_avis - Published: 2026-03-06 - Updated: 2026-03-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | QRadar Data Synchronization App versions antérieures à 3.3.0 | ||
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13 | ||
| IBM | Tivoli | Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de sécurité | ||
| IBM | Db2 | DB2 Recovery Expert versions antérieures à 5.5.0.1 Interim Fix 8 | ||
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à 5.3.1 | ||
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à 5.3.1 | ||
| IBM | QRadar | QRadar Pre-Validation App versions antérieures à 2.0.2 |
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.3.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Recovery Expert versions ant\u00e9rieures \u00e0 5.5.0.1 Interim Fix 8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Pre-Validation App versions ant\u00e9rieures \u00e0 2.0.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2025-36353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2016-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2025-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13867"
},
{
"name": "CVE-2025-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-36427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-3154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3154"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2025-36098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2016-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2025-22121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22121"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2025-22091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22091"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2025-36247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2025-36070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-36428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2025-36424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36424"
},
{
"name": "CVE-2025-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
},
{
"name": "CVE-2019-19921",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19921"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27903"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2023-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22041"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2016-4472",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2024-9042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9042"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2025-57822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57822"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2025-67779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67779"
},
{
"name": "CVE-2022-32743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32743"
},
{
"name": "CVE-2025-55183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55183"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2023-22043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22043"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2024-36621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36621"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2018-5764",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5764"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2025-38110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38110"
},
{
"name": "CVE-2020-15115",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15115"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-22113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22113"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5187"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2012-2098",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2098"
},
{
"name": "CVE-2024-41909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2026-25765",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25765"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-38089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38089"
},
{
"name": "CVE-2023-2727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2727"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-36425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36425"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2025-22085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22085"
},
{
"name": "CVE-2025-50537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50537"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21626"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2016-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-36001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2025-36365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2025-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27904"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-36442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-14689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14689"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-36366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
},
{
"name": "CVE-2025-36123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
},
{
"name": "CVE-2025-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27900"
},
{
"name": "CVE-2025-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0426"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27899"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2023-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22044"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27901"
},
{
"name": "CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"name": "CVE-2021-22570",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22570"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27898"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-2728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2728"
},
{
"name": "CVE-2024-7143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7143"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-36407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-55184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55184"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"name": "CVE-2024-36623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36623"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2024-36620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36620"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2021-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20251"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
}
],
"initial_release_date": "2026-03-06T00:00:00",
"last_revision_date": "2026-03-06T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0249",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262753",
"url": "https://www.ibm.com/support/pages/node/7262753"
},
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262754",
"url": "https://www.ibm.com/support/pages/node/7262754"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262324",
"url": "https://www.ibm.com/support/pages/node/7262324"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262669",
"url": "https://www.ibm.com/support/pages/node/7262669"
},
{
"published_at": "2026-03-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262494",
"url": "https://www.ibm.com/support/pages/node/7262494"
},
{
"published_at": "2026-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262548",
"url": "https://www.ibm.com/support/pages/node/7262548"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262325",
"url": "https://www.ibm.com/support/pages/node/7262325"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259901",
"url": "https://www.ibm.com/support/pages/node/7259901"
}
]
}
CERTFR-2023-AVI-0513
Vulnerability from certfr_avis - Published: 2023-07-07 - Updated: 2023-07-07
De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, un déni de service, une injection de code indirecte à distance (XSS), une élévation de privilèges, un problème de sécurité non spécifié par l'éditeur, une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
None| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct File Agent versions 1.4.x antérieures à 1.4.0.2_iFix042 | ||
| IBM | Sterling Connect:Direct | BM Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.17 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Microsoft Windows versions 6.2.x antérieures à 6.2.0.4_iFix039 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM version 7.5.x antérieures à 7.5.0 UP6 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Microsoft Windows versions 6.1.x antérieures à 6.1.0.2_iFix064 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Microsoft Windows versions 6.0.x antérieures à 6.0.0.4_iFix068 | ||
| IBM | N/A | IBM Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.19 | ||
| IBM | Sterling Connect:Direct | IBM Sterling Connect:Direct pour Microsoft Windows versions 6.3.x antérieures à 6.3.0.0_iFix007 |
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Sterling Connect:Direct File Agent versions 1.4.x ant\u00e9rieures \u00e0 1.4.0.2_iFix042",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "BM Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.17",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.4_iFix039",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM version 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP6",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.2_iFix064",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.0.x ant\u00e9rieures \u00e0 6.0.0.4_iFix068",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.19",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.0_iFix007",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2023-28708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2021-23336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23336"
},
{
"name": "CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2022-23521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23521"
},
{
"name": "CVE-2022-42703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
},
{
"name": "CVE-2023-20861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
},
{
"name": "CVE-2022-41903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41903"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2015-0254",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0254"
},
{
"name": "CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"name": "CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2022-40151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40151"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2023-25194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25194"
},
{
"name": "CVE-2022-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38023"
},
{
"name": "CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"name": "CVE-2019-18348",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18348"
},
{
"name": "CVE-2022-45685",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45685"
},
{
"name": "CVE-2023-20859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20859"
},
{
"name": "CVE-2022-34917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34917"
},
{
"name": "CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2021-28861",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28861"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2015-20107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
},
{
"name": "CVE-2023-1999",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1999"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
}
],
"initial_release_date": "2023-07-07T00:00:00",
"last_revision_date": "2023-07-07T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0513",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, un d\u00e9ni de service, une\ninjection de code indirecte \u00e0 distance (XSS), une \u00e9l\u00e9vation de\nprivil\u00e8ges, un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es et une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7010099 du 06 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7010099"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7009987 du 06 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7009987"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7009301 du 07 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7009301"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7010095 du 06 juillet 2023",
"url": "https://www.ibm.com/support/pages/node/7010095"
}
]
}
CERTFR-2024-AVI-1030
Vulnerability from certfr_avis - Published: 2024-11-29 - Updated: 2024-11-29
De multiples vulnérabilités ont été découvertes dans IBM QRadar. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar User Behavior Analytics versions 1.x \u00e0 4.1.x ant\u00e9rieures \u00e0 4.1.17",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2024-47831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2024-34069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
},
{
"name": "CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
}
],
"initial_release_date": "2024-11-29T00:00:00",
"last_revision_date": "2024-11-29T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1030",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": "2024-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176642",
"url": "https://www.ibm.com/support/pages/node/7176642"
}
]
}
CERTFR-2024-AVI-1103
Vulnerability from certfr_avis - Published: 2024-12-20 - Updated: 2024-12-20
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 ifix 01 | ||
| IBM | QRadar SIEM | Security QRadar Log Management AQL Plugin versions antérieures à 1.1.0 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 (fixpack) GA | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP5 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 (fixpack) GA | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.0 ifix 01 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.11_ifix001 |
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 ifix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": " Security QRadar Log Management AQL Plugin versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 (fixpack) GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 (fixpack) GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.0 ifix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.11_ifix001",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2017-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9937"
},
{
"name": "CVE-2023-52356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
},
{
"name": "CVE-2023-41334",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41334"
},
{
"name": "CVE-2023-37536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37536"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2024-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22871"
},
{
"name": "CVE-2024-7006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
},
{
"name": "CVE-2023-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
},
{
"name": "CVE-2024-36138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
},
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2022-3626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3626"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2018-15209",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15209"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2018-17100",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17100"
},
{
"name": "CVE-2022-3599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3599"
},
{
"name": "CVE-2022-34266",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34266"
},
{
"name": "CVE-2020-35521",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35521"
},
{
"name": "CVE-2023-0796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0796"
},
{
"name": "CVE-2023-50386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50386"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2024-39008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39008"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2023-30086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2022-2057",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2057"
},
{
"name": "CVE-2019-6128",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6128"
},
{
"name": "CVE-2023-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2022-2058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2058"
},
{
"name": "CVE-2024-45082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45082"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2022-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3627"
},
{
"name": "CVE-2022-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2867"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2022-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3598"
},
{
"name": "CVE-2023-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0798"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2023-2731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2731"
},
{
"name": "CVE-2023-0803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0803"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
},
{
"name": "CVE-2023-4759",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4759"
},
{
"name": "CVE-2017-11613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11613"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2024-41752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41752"
},
{
"name": "CVE-2023-50447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50447"
},
{
"name": "CVE-2018-18508",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18508"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-33883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2022-22844",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22844"
},
{
"name": "CVE-2014-1544",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1544"
},
{
"name": "CVE-2023-4421",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4421"
},
{
"name": "CVE-2023-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2023-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50292"
},
{
"name": "CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"name": "CVE-2023-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0802"
},
{
"name": "CVE-2022-2056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2056"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2020-25648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25648"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2022-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
},
{
"name": "CVE-2024-28176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28176"
},
{
"name": "CVE-2019-7317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2019-17007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17007"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2023-38289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38289"
},
{
"name": "CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"name": "CVE-2010-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2015-7182",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7182"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2018-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16335"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2020-19144",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19144"
},
{
"name": "CVE-2023-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
},
{
"name": "CVE-2022-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3597"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2017-12627",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12627"
},
{
"name": "CVE-2018-17101",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17101"
},
{
"name": "CVE-2023-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50291"
},
{
"name": "CVE-2014-1568",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
},
{
"name": "CVE-2020-26261",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26261"
},
{
"name": "CVE-2023-24816",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24816"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0801"
},
{
"name": "CVE-2022-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4645"
},
{
"name": "CVE-2019-17546",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17546"
},
{
"name": "CVE-2022-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2869"
},
{
"name": "CVE-2022-3479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3479"
},
{
"name": "CVE-2023-40745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40745"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2020-15110",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15110"
},
{
"name": "CVE-2023-25435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25435"
},
{
"name": "CVE-2024-37372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
},
{
"name": "CVE-2021-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2017-18869",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18869"
},
{
"name": "CVE-2022-0562",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0562"
},
{
"name": "CVE-2023-38325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2022-0891",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0891"
},
{
"name": "CVE-2018-7456",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7456"
},
{
"name": "CVE-2023-38288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38288"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0799"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-0795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0795"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-50495",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
},
{
"name": "CVE-2017-18013",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18013"
},
{
"name": "CVE-2023-25194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25194"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2016-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1938"
},
{
"name": "CVE-2017-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11698"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2024-38337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38337"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-12404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12404"
},
{
"name": "CVE-2019-14973",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14973"
},
{
"name": "CVE-2020-36191",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36191"
},
{
"name": "CVE-2024-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
},
{
"name": "CVE-2023-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0804"
},
{
"name": "CVE-2023-30775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30775"
},
{
"name": "CVE-2023-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0797"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2023-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2020-19131",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19131"
},
{
"name": "CVE-2015-7575",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7575"
},
{
"name": "CVE-2023-41175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41175"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2018-5784",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5784"
},
{
"name": "CVE-2018-17000",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17000"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2023-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3576"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2020-35523",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35523"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2022-34749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34749"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2020-19189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
},
{
"name": "CVE-2022-0908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0908"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2024-34102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34102"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2021-32862",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32862"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2024-4367",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4367"
},
{
"name": "CVE-2024-25016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25016"
},
{
"name": "CVE-2022-40090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40090"
},
{
"name": "CVE-2023-25434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25434"
},
{
"name": "CVE-2024-29896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29896"
},
{
"name": "CVE-2015-7181",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7181"
},
{
"name": "CVE-2020-18768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18768"
},
{
"name": "CVE-2022-34526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34526"
},
{
"name": "CVE-2022-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2868"
},
{
"name": "CVE-2017-5461",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5461"
},
{
"name": "CVE-2014-1569",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1569"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2017-11695",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11695"
},
{
"name": "CVE-2023-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2908"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2017-11697",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11697"
},
{
"name": "CVE-2023-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0800"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2024-27980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2018-19210",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19210"
},
{
"name": "CVE-2013-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2099"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-10255",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10255"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2020-35524",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35524"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2024-36137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
},
{
"name": "CVE-2020-35522",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35522"
},
{
"name": "CVE-2022-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
},
{
"name": "CVE-2017-11696",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11696"
},
{
"name": "CVE-2022-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0561"
}
],
"initial_release_date": "2024-12-20T00:00:00",
"last_revision_date": "2024-12-20T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1103",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177142",
"url": "https://www.ibm.com/support/pages/node/7177142"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177223",
"url": "https://www.ibm.com/support/pages/node/7177223"
},
{
"published_at": "2024-12-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179044",
"url": "https://www.ibm.com/support/pages/node/7179044"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179156",
"url": "https://www.ibm.com/support/pages/node/7179156"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179166",
"url": "https://www.ibm.com/support/pages/node/7179166"
},
{
"published_at": "2024-12-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178835",
"url": "https://www.ibm.com/support/pages/node/7178835"
}
]
}
CERTFR-2019-AVI-634
Vulnerability from certfr_avis - Published: 2019-12-16 - Updated: 2019-12-16
De multiples vulnérabilités ont été découvertes dans F5 BIG-IP. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
None| Vendor | Product | Description | ||
|---|---|---|---|---|
| F5 | BIG-IP | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.1.x antérieures à 14.1.2.1 | ||
| F5 | BIG-IP | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 13.1.x antérieures à 13.1.3.2 | ||
| F5 | BIG-IP | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 12.1.x antérieures à 12.1.5 | ||
| F5 | BIG-IP | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.x antérieures à 14.0.1.1 | ||
| F5 | BIG-IP | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 11.x antérieures à 11.6.5.1 | ||
| F5 | BIG-IP | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 15.1.x antérieures à 15.1.0 | ||
| F5 | BIG-IP | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 15.0.x antérieures à 15.0.1.1 |
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.1.x ant\u00e9rieures \u00e0 14.1.2.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 13.1.x ant\u00e9rieures \u00e0 13.1.3.2",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 12.1.x ant\u00e9rieures \u00e0 12.1.5",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.x ant\u00e9rieures \u00e0 14.0.1.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 11.x ant\u00e9rieures \u00e0 11.6.5.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 15.1.x ant\u00e9rieures \u00e0 15.1.0",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
},
{
"description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 15.0.x ant\u00e9rieures \u00e0 15.0.1.1",
"product": {
"name": "BIG-IP",
"vendor": {
"name": "F5",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-10883",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10883"
},
{
"name": "CVE-2019-6667",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6667"
},
{
"name": "CVE-2019-6671",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6671"
},
{
"name": "CVE-2019-9512",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9512"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2019-6664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6664"
}
],
"initial_release_date": "2019-12-16T00:00:00",
"last_revision_date": "2019-12-16T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-634",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-12-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans F5 BIG-IP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K39225055 du 12 d\u00e9cembre 2019",
"url": "https://support.f5.com/csp/article/K39225055"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K82781208 du 13 d\u00e9cembre 2019",
"url": "https://support.f5.com/csp/article/K82781208"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K94735334 du 12 d\u00e9cembre 2019",
"url": "https://support.f5.com/csp/article/K94735334"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K24383845 du 12 d\u00e9cembre 2019",
"url": "https://support.f5.com/csp/article/K24383845"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K98053339 du 12 d\u00e9cembre 2019",
"url": "https://support.f5.com/csp/article/K98053339"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 F5 K03126093 du 12 d\u00e9cembre 2019",
"url": "https://support.f5.com/csp/article/K03126093"
}
]
}
CERTFR-2023-AVI-0428
Vulnerability from certfr_avis - Published: 2023-06-02 - Updated: 2023-06-02
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
None| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | N/A | Splunk Universal Forwarders versions 8.2.x antérieures à 8.2.11 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions antérieures à 8.1.14 | ||
| Splunk | N/A | Splunk App for Lookup File Editing versions antérieures à 4.0.1 | ||
| Splunk | N/A | Splunk App for Stream versions antérieures à 8.1.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.0.x antérieures à 9.0.5 | ||
| Splunk | N/A | Splunk Cloud versions antérieures à 9.0.2303.100 | ||
| Splunk | N/A | Splunk Universal Forwarders versions 9.0.x antérieures à 9.0.5 | ||
| Splunk | N/A | Splunk Universal Forwarders versions antérieures à 8.1.14 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 8.2.x antérieures à 8.2.11 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Universal Forwarders versions 8.2.x ant\u00e9rieures \u00e0 8.2.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk App for Lookup File Editing versions ant\u00e9rieures \u00e0 4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk App for Stream versions ant\u00e9rieures \u00e0 8.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.0.x ant\u00e9rieures \u00e0 9.0.5",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud versions ant\u00e9rieures \u00e0 9.0.2303.100",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarders versions 9.0.x ant\u00e9rieures \u00e0 9.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarders versions ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 8.2.x ant\u00e9rieures \u00e0 8.2.11",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2020-8169",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8169"
},
{
"name": "CVE-2020-7753",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7753"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2020-8116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8116"
},
{
"name": "CVE-2022-35260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35260"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2021-33502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2020-8285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
},
{
"name": "CVE-2021-22901",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22901"
},
{
"name": "CVE-2022-27778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27778"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2021-33503",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33503"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2023-32715",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32715"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2020-8286",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
},
{
"name": "CVE-2020-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2020-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
},
{
"name": "CVE-2021-27292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27292"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2021-22924",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
},
{
"name": "CVE-2022-33987",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33987"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2023-32717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32717"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2023-32708",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32708"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-8284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2021-33587",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33587"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2022-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
},
{
"name": "CVE-2020-13822",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13822"
},
{
"name": "CVE-2021-36976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36976"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2021-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20095"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2019-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10744"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2021-23382",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23382"
},
{
"name": "CVE-2023-32716",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32716"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2021-22897",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22897"
},
{
"name": "CVE-2023-32711",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32711"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2022-40023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40023"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2022-43680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43680"
},
{
"name": "CVE-2020-8231",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8231"
},
{
"name": "CVE-2022-27779",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27779"
},
{
"name": "CVE-2021-31566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31566"
},
{
"name": "CVE-2023-32712",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32712"
},
{
"name": "CVE-2022-4200",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4200"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2021-23343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23343"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"name": "CVE-2023-32710",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32710"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2019-20149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20149"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2017-16042",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16042"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2021-22890",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22890"
},
{
"name": "CVE-2023-32706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32706"
},
{
"name": "CVE-2019-10746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10746"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2020-15138",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15138"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2021-23368",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23368"
},
{
"name": "CVE-2021-29060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29060"
},
{
"name": "CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"name": "CVE-2023-32709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32709"
},
{
"name": "CVE-2022-37616",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37616"
},
{
"name": "CVE-2022-30115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30115"
},
{
"name": "CVE-2021-22876",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22876"
},
{
"name": "CVE-2020-7662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7662"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2021-22945",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22945"
},
{
"name": "CVE-2023-32707",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32707"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2023-32713",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32713"
},
{
"name": "CVE-2022-25858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
},
{
"name": "CVE-2023-32714",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32714"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
}
],
"initial_release_date": "2023-06-02T00:00:00",
"last_revision_date": "2023-06-02T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0428",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eSplunk\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0603 du 01 juin 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0603"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0609 du 01 juin 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0609"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0607 du 01 juin 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0607"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0602 du 01 juin 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0602"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0613 du 01 juin 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0613"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0608 du 01 juin 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0608"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0610 du 01 juin 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0610"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0611 du 01 juin 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0611"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0614 du 01 juin 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0614"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0601 du 01 juin 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0601"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0605 du 01 juin 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0605"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0606 du 01 juin 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0606"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0615 du 01 juin 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0615"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0604 du 01 juin 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0604"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2023-0612 du 01 juin 2023",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0612"
}
]
}
CERTFR-2024-AVI-1015
Vulnerability from certfr_avis - Published: 2024-11-22 - Updated: 2024-11-22
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Les vulnérabilités CVE-2024-47875 et CVE-2024-45801 n'ont pas de correctif pour Sterling Connect:Direct Web Services versions 6.1.x et 6.2.x
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | QRadar Pre-Validation App versions antérieures à 2.0.1 | ||
| IBM | QRadar | QRadar Pulse App versions antérieures à 2.2.15 | ||
| IBM | WebSphere | WebSphere Hybrid Edition sans le correctif APAR PH63533 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.25 | ||
| IBM | AIX | AIX version 7.3 sans le correctif bind_fix27/73bind918.tar | ||
| IBM | VIOS | VIOS version 3.1 sans le correctif bind_fix27/72bind918.tar | ||
| IBM | WebSphere | WebSphere Application Server Liberty sans le correctif APAR PH63533 | ||
| IBM | Cloud Pak System | Cloud Pak System versions antérieures à 2.3.5.0 pour Power avec le correctif PH60195/PH61002 | ||
| IBM | AIX | AIX version 7.2 sans le correctif bind_fix27/72bind918.tar | ||
| IBM | VIOS | VIOS version 4.1 sans le correctif bind_fix27/73bind918.tar | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.26 | ||
| IBM | Cloud Pak System | Cloud Pak System versions antérieures à 2.3.4.1 pour Intel avec le correctif PH60195/PH61002 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.11 | ||
| IBM | QRadar | QRadar User Behavior Analytics versions antérieures à 4.1.17 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Pre-Validation App versions ant\u00e9rieures \u00e0 2.0.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Pulse App versions ant\u00e9rieures \u00e0 2.2.15",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition sans le correctif APAR PH63533",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.25",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.3 sans le correctif bind_fix27/73bind918.tar",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 3.1 sans le correctif bind_fix27/72bind918.tar",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty sans le correctif APAR PH63533",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 2.3.5.0 pour Power avec le correctif PH60195/PH61002",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.2 sans le correctif bind_fix27/72bind918.tar",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 4.1 sans le correctif bind_fix27/73bind918.tar",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.26",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 2.3.4.1 pour Intel avec le correctif PH60195/PH61002",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.11",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.17",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "Les vuln\u00e9rabilit\u00e9s CVE-2024-47875 et CVE-2024-45801 n\u0027ont pas de correctif pour Sterling Connect:Direct Web Services versions 6.1.x et 6.2.x",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2024-47831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
},
{
"name": "CVE-2024-4076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-34351",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34351"
},
{
"name": "CVE-2024-34069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2024-0760",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0760"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2024-46982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46982"
},
{
"name": "CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
}
],
"initial_release_date": "2024-11-22T00:00:00",
"last_revision_date": "2024-11-22T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176657",
"url": "https://www.ibm.com/support/pages/node/7176657"
},
{
"published_at": "2024-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176642",
"url": "https://www.ibm.com/support/pages/node/7176642"
},
{
"published_at": "2024-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176660",
"url": "https://www.ibm.com/support/pages/node/7176660"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176201",
"url": "https://www.ibm.com/support/pages/node/7176201"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176391",
"url": "https://www.ibm.com/support/pages/node/7176391"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176392",
"url": "https://www.ibm.com/support/pages/node/7176392"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176386",
"url": "https://www.ibm.com/support/pages/node/7176386"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176389",
"url": "https://www.ibm.com/support/pages/node/7176389"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176451",
"url": "https://www.ibm.com/support/pages/node/7176451"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176388",
"url": "https://www.ibm.com/support/pages/node/7176388"
},
{
"published_at": "2024-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7176205",
"url": "https://www.ibm.com/support/pages/node/7176205"
}
]
}
CERTFR-2021-AVI-571
Vulnerability from certfr_avis - Published: 2021-07-23 - Updated: 2021-07-23
De multiples vulnérabilités ont été découvertes dans Tenable. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
None| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tenable.sc versions ant\u00e9rieures \u00e0 5.19.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2020-7060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7060"
},
{
"name": "CVE-2019-11048",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11048"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2020-13632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
},
{
"name": "CVE-2019-11041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11041"
},
{
"name": "CVE-2020-7071",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7071"
},
{
"name": "CVE-2019-11045",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11045"
},
{
"name": "CVE-2021-21704",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21704"
},
{
"name": "CVE-2020-7070",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7070"
},
{
"name": "CVE-2020-7069",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7069"
},
{
"name": "CVE-2019-11046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11046"
},
{
"name": "CVE-2020-7063",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7063"
},
{
"name": "CVE-2020-13630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
},
{
"name": "CVE-2019-19646",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
},
{
"name": "CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"name": "CVE-2021-21705",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21705"
},
{
"name": "CVE-2019-19919",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
},
{
"name": "CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"name": "CVE-2020-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
},
{
"name": "CVE-2020-7068",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7068"
},
{
"name": "CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"name": "CVE-2019-11044",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11044"
},
{
"name": "CVE-2020-7064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7064"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2017-5661",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5661"
},
{
"name": "CVE-2019-11047",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11047"
},
{
"name": "CVE-2020-7067",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7067"
},
{
"name": "CVE-2020-7062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7062"
},
{
"name": "CVE-2020-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
},
{
"name": "CVE-2019-11043",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11043"
},
{
"name": "CVE-2020-7065",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7065"
},
{
"name": "CVE-2019-11050",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11050"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2020-7066",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7066"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2019-19645",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19645"
},
{
"name": "CVE-2020-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
},
{
"name": "CVE-2019-16168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
},
{
"name": "CVE-2020-7061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7061"
},
{
"name": "CVE-2020-7059",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7059"
},
{
"name": "CVE-2019-11042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11042"
},
{
"name": "CVE-2019-11049",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11049"
},
{
"name": "CVE-2021-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21702"
},
{
"name": "CVE-2020-13435",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
}
],
"initial_release_date": "2021-07-23T00:00:00",
"last_revision_date": "2021-07-23T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-571",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2021-14 du 22 juillet 2021",
"url": "https://www.tenable.com/security/tns-2021-14"
}
]
}
FKIE_CVE-2019-8331
Vulnerability from fkie_nvd - Published: 2019-02-20 16:29 - Updated: 2026-06-17 02:41| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2019/May/10 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2019/May/11 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2019/May/13 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/107375 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:1456 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3023 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3024 | Third Party Advisory | |
| cve@mitre.org | https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/ | Vendor Advisory | |
| cve@mitre.org | https://github.com/twbs/bootstrap/pull/28236 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/twbs/bootstrap/releases/tag/v3.4.1 | Product, Third Party Advisory | |
| cve@mitre.org | https://github.com/twbs/bootstrap/releases/tag/v4.3.1 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E | ||
| cve@mitre.org | https://seclists.org/bugtraq/2019/May/18 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://support.f5.com/csp/article/K24383845 | Third Party Advisory | |
| cve@mitre.org | https://support.f5.com/csp/article/K24383845?utm_source=f5support&%3Butm_medium=RSS | ||
| cve@mitre.org | https://www.oracle.com/security-alerts/cpuApr2021.html | Third Party Advisory | |
| cve@mitre.org | https://www.tenable.com/security/tns-2021-14 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/May/10 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/May/11 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/May/13 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107375 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1456 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3023 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3024 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/twbs/bootstrap/pull/28236 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/twbs/bootstrap/releases/tag/v3.4.1 | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/twbs/bootstrap/releases/tag/v4.3.1 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/May/18 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K24383845 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K24383845?utm_source=f5support&%3Butm_medium=RSS | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuApr2021.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2021-14 | Patch, Third Party Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| getbootstrap | bootstrap | * | |
| getbootstrap | bootstrap | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_domain_name_system | * | |
| f5 | big-ip_edge_gateway | * | |
| f5 | big-ip_edge_gateway | * | |
| f5 | big-ip_edge_gateway | * | |
| f5 | big-ip_edge_gateway | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_fraud_protection_service | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_webaccelerator | * | |
| f5 | big-ip_webaccelerator | * | |
| f5 | big-ip_webaccelerator | * | |
| f5 | big-ip_webaccelerator | * | |
| redhat | virtualization_manager | 4.3 | |
| tenable | tenable.sc | * |
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "cve@mitre.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0E68F9-B5C2-4419-8530-866FD2DABFB7",
"versionEndExcluding": "3.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA71059-1A13-4A57-B6DD-98A79FA0630E",
"versionEndExcluding": "4.3.1",
"versionStartIncluding": "4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA130AF7-C25F-4C0B-ACAF-E7436C722431",
"versionEndExcluding": "12.1.5.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADEF9870-DBD7-4603-90B7-7BF14ED4B7C5",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "533D1068-0BF4-40ED-B28F-E98BF0F18454",
"versionEndExcluding": "14.1.2.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC5CA1E2-341C-42A9-88AC-E6C83DED0B9D",
"versionEndExcluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1845A169-7B6C-4B7D-B8FC-0245DC1B4EEF",
"versionEndExcluding": "12.1.5.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5C8CEBF-CEE7-4D05-AB46-1F22C3C29889",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37BF8F88-0F8D-45F9-95FF-052434599267",
"versionEndExcluding": "14.1.2.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16EBA08B-8FBD-47BE-A5BE-F5145788E8CB",
"versionEndExcluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09F6EC13-4398-48CB-B999-14FABE281247",
"versionEndExcluding": "12.1.5.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF28DE16-F322-42DB-B0E6-67489DD258F6",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A5BC28E-1780-4BDF-AF73-3477CC983B6A",
"versionEndExcluding": "14.1.2.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9228FA0A-8745-4731-A214-5A8AC0AA902A",
"versionEndExcluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F3CFB0D-DDA1-4CFF-BAB4-96EF72F4F777",
"versionEndExcluding": "12.1.5.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4115BD48-6E2A-4321-8EB7-ACCDF6CC6321",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1261AE74-41AF-4848-9AD9-46918C46845B",
"versionEndExcluding": "14.1.2.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BC7ABB7-2FA9-42CA-9BEF-241A91F317FF",
"versionEndExcluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C21D1B2-2424-4A56-A179-431EDC41B929",
"versionEndExcluding": "12.1.5.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93521D73-6412-4E80-B210-65CA6DAC8EA4",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFDF244-00AA-4BD9-A255-24CAF55CD6F0",
"versionEndExcluding": "14.1.2.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E08E3F72-4CEF-4607-8B27-515E6471B9D1",
"versionEndExcluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E69B6320-088E-445D-8863-34CF67F172F3",
"versionEndExcluding": "12.1.5.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA2F9FE-071E-411E-8E1F-3A8FA34D708F",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34683A8C-E7B3-4DC4-9934-A55A44181B18",
"versionEndExcluding": "14.1.2.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE59364-3DB3-4528-AFC4-D3A39872514D",
"versionEndExcluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DEDB9D-58DB-45EB-91EA-8A6694E4F29A",
"versionEndExcluding": "12.1.5.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD847946-00F8-44BE-A9C1-2D3CAA1BD63C",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09B13A2F-D302-416C-916E-4642CC46D9F6",
"versionEndExcluding": "14.1.2.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA3324A-4661-4CCF-9E40-DD50162542A0",
"versionEndExcluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95EDA820-6FDE-44B9-89CE-B83847416CF4",
"versionEndExcluding": "12.1.5.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A077B3F-F587-47FA-912A-9816EADA9CFA",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F14E9A0-3E7E-440E-B323-BED2D3E3F221",
"versionEndExcluding": "14.1.2.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F14F10D9-4F2D-4C6D-8B0C-9775ED35DFEF",
"versionEndExcluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF4B95E-40C6-4C8F-81BD-172A907CA5FD",
"versionEndExcluding": "12.1.5.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93F6D55C-8873-470A-9E93-42F6A2DDE07F",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F72B979A-B35A-464D-BCA1-2A5BD0A29886",
"versionEndExcluding": "14.1.2.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14CEF743-6C3B-4D90-99BF-6A27B37ADAEA",
"versionEndExcluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA7EEBD-F6F6-4243-B57D-BE210D8E16CF",
"versionEndExcluding": "12.1.5.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "787DA0E4-D4A0-4622-8AC0-9386EE3F62B0",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC366757-92D1-49ED-A641-47139AEEF613",
"versionEndExcluding": "14.1.2.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "542EB351-79B1-4A9D-A5A1-2F3E0E88963C",
"versionEndExcluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "591EA641-C103-4575-97D5-15D41B20E581",
"versionEndExcluding": "12.1.5.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1BEC52-BC21-4996-A34F-4D9DF4D2F087",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA439FF-659C-4F34-9CBD-76D95A96E063",
"versionEndExcluding": "14.1.2.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "895E610D-52F6-45CA-B205-D110A1DC6BEC",
"versionEndExcluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9866C62F-DA11-43B1-B475-A07B1B58933D",
"versionEndExcluding": "12.1.5.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12351892-247E-477C-8C50-E0DA37F6A716",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90D4E2C9-4353-49E7-B5C7-E9E7140F49AC",
"versionEndExcluding": "14.1.2.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B114C6C-E950-4B75-B341-022799ABBACF",
"versionEndExcluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC99D7B3-65E5-4C9E-9D34-FF9161295F86",
"versionEndExcluding": "12.1.5.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C6F80B-85DC-461E-9BF9-6EF41C467243",
"versionEndExcluding": "13.1.3.4",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C65C13-C852-4A12-BFC0-A4DB201FFCAF",
"versionEndExcluding": "14.1.2.5",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57FD7F09-9829-42B0-913E-A43129AD758B",
"versionEndExcluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA1A18F-D997-4121-A01B-FD9B3BF266CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41DBA7C7-8084-45F6-B59D-13A9022C34DF",
"versionEndExcluding": "5.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute."
},
{
"lang": "es",
"value": "En Bootstrap, en versiones anteriores a la 3.4.1 y versiones 4.3.x anteriores a la 4.3.1, es posible Cross-Site Scripting (XSS) en los atributos de data-template tooltip o popover."
}
],
"id": "CVE-2019-8331",
"lastModified": "2026-06-17T02:41:51.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-20T16:29:00.837",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107375"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/twbs/bootstrap/pull/28236"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K24383845"
},
{
"source": "cve@mitre.org",
"url": "https://support.f5.com/csp/article/K24383845?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/twbs/bootstrap/pull/28236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K24383845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K24383845?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-8331
Vulnerability from fstec - Published: 20.02.2019{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Getbootstrap, VMware Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (Red Hat Single Sign-On), 4.3 (Red Hat Virtualization Engine), \u0434\u043e 3.4.1 (Bootstrap), \u043e\u0442 4.3.0 \u0434\u043e 4.3.1 (Bootstrap), \u043e\u0442 2.4 \u0434\u043e 2.4.5 (Ops Manager), \u043e\u0442 2.3 \u0434\u043e 2.3.11 (Ops Manager), \u043e\u0442 2.2 \u0434\u043e 2.2.19 (Ops Manager)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Bootstrap:\nhttps://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/\nhttps://github.com/twbs/bootstrap/pull/28236\nhttps://github.com/twbs/bootstrap/releases/tag/v3.4.1\nhttps://github.com/twbs/bootstrap/releases/tag/v4.3.1\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/errata/RHSA-2019:1456\nhttps://access.redhat.com/errata/RHSA-2019:3023\nhttps://access.redhat.com/errata/RHSA-2019:3024\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 VMware Inc.:\nhttps://tanzu.vmware.com/security/cve-2019-8331",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.02.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.05.2020",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.05.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02249",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-8331",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Single Sign-On, Red Hat Virtualization Engine, Bootstrap, Ops Manager",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 tooltip \u0438 popover \u043d\u0430\u0431\u043e\u0440\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0441\u0430\u0439\u0442\u043e\u0432 \u0438 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Bootstrap, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 tooltip \u0438 popover \u043d\u0430\u0431\u043e\u0440\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0441\u0430\u0439\u0442\u043e\u0432 \u0438 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Bootstrap \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/cve-2019-8331\nhttps://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E \nhttps://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E \nhttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E \nhttps://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E \nhttps://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E \nhttps://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E \nhttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E \nhttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E\nhttps://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/\nhttps://github.com/twbs/bootstrap/pull/28236\nhttps://github.com/twbs/bootstrap/releases/tag/v3.4.1\nhttps://github.com/twbs/bootstrap/releases/tag/v4.3.1\nhttps://access.redhat.com/errata/RHSA-2019:1456\nhttps://access.redhat.com/errata/RHSA-2019:3023\nhttps://access.redhat.com/errata/RHSA-2019:3024\nhttps://tanzu.vmware.com/security/cve-2019-8331",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)"
}
GHSA-9V3M-8FP8-MJ99
Vulnerability from github – Published: 2019-02-22 20:54 – Updated: 2026-06-02 22:01Versions of bootstrap prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript.
Recommendation
For bootstrap 4.x upgrade to 4.3.1 or later.
For bootstrap 3.x upgrade to 3.4.1 or later.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "bootstrap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "bootstrap-sass"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.4.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Bootstrap.Less"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.4.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "bootstrap"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.3.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "bootstrap"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.4.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "bootstrap.sass"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "bootstrap"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.3.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "bootstrap"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.4.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "bootstrap-sass"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.4.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "twitter-bootstrap-rails"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.3.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.webjars:bootstrap"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.4.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.webjars:bootstrap"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.3.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "twbs/bootstrap"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.4.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "twbs/bootstrap"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-8331"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:29:39Z",
"nvd_published_at": "2019-02-20T16:29:00Z",
"severity": "MODERATE"
},
"details": "Versions of `bootstrap` prior to 3.4.1 for 3.x and 4.3.1 for 4.x are vulnerable to Cross-Site Scripting (XSS). The `data-template` attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript.\n\n\n## Recommendation\n\nFor `bootstrap` 4.x upgrade to 4.3.1 or later.\nFor `bootstrap` 3.x upgrade to 3.4.1 or later.",
"id": "GHSA-9v3m-8fp8-mj99",
"modified": "2026-06-02T22:01:57Z",
"published": "2019-02-22T20:54:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8331"
},
{
"type": "WEB",
"url": "https://github.com/twbs/bootstrap/pull/28236"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e%40%3Cdev.superset.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714%40%3Cissues.hbase.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K24383845"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K24383845?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K24383845?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200227083900/http://www.securityfocus.com/bid/107375"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1456"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3023"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3024"
},
{
"type": "WEB",
"url": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1"
},
{
"type": "WEB",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8331"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9v3m-8fp8-mj99"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2019-8331.yml"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/twitter-bootstrap-rails/CVE-2019-8331.yml"
},
{
"type": "WEB",
"url": "https://github.com/seyhunak/twitter-bootstrap-rails/tree/master/app/assets/javascripts/twitter/bootstrap"
},
{
"type": "PACKAGE",
"url": "https://github.com/twbs/bootstrap"
},
{
"type": "WEB",
"url": "https://github.com/twbs/bootstrap/releases/tag/v3.4.1"
},
{
"type": "WEB",
"url": "https://github.com/twbs/bootstrap/releases/tag/v4.3.1"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Bootstrap Vulnerable to Cross-Site Scripting"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.