Vulnerability-Lookup

CVE-2023-37536 (GCVE-0-2023-37536)

Vulnerability from cvelistv5 – Published: 2023-10-11 06:46 – Updated: 2025-02-13 17:01

Title

HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3

Summary

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

Severity ?

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H

CWE

CWE-680 - Integer Overflow to Buffer Overflow

Assigner

HCL

References

URL

Tags

	https://support.hcltechsw.com/csm?id=kb_article&s…
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.debian.org/debian-lts-announce/2023…

Impacted products

	Vendor	Product	Version
	HCL Software	BigFix Platform	Affected: 9.5 - 9.5.22, 10 - 10.0.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:hcltech:bigfix_platform:10:*:*:*:*:*:*:*",
              "cpe:2.3:a:hcltech:bigfix_platform:9.5:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bigfix_platform",
            "vendor": "hcltech",
            "versions": [
              {
                "lessThanOrEqual": "9.5.22",
                "status": "affected",
                "version": "10",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "10.0.9",
                "status": "affected",
                "version": "9.5",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
              "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fedora",
            "vendor": "fedoraproject",
            "versions": [
              {
                "status": "affected",
                "version": "37"
              },
              {
                "status": "affected",
                "version": "38"
              },
              {
                "status": "affected",
                "version": "39"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:apache:xerces-c\\+\\+:3.2.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xerces-c\\+\\+",
            "vendor": "apache",
            "versions": [
              {
                "status": "affected",
                "version": "3.2.2"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37536",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T03:55:41.734161Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-680",
                "description": "CWE-680 Integer Overflow to Buffer Overflow",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-19T13:05:26.588Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:16:30.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BigFix Platform",
          "vendor": "HCL Software",
          "versions": [
            {
              "status": "affected",
              "version": "9.5 - 9.5.22, 10 - 10.0.9"
            }
          ]
        }
      ],
      "datePublic": "2023-09-28T18:26:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.\u003c/span\u003e"
            }
          ],
          "value": "An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-31T14:06:26.448Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2023-37536",
    "datePublished": "2023-10-11T06:46:01.750Z",
    "dateReserved": "2023-07-06T16:29:45.713Z",
    "dateUpdated": "2025-02-13T17:01:28.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T17:16:30.600Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-37536\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-19T03:55:41.734161Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:hcltech:bigfix_platform:10:*:*:*:*:*:*:*\", \"cpe:2.3:a:hcltech:bigfix_platform:9.5:*:*:*:*:*:*:*\"], \"vendor\": \"hcltech\", \"product\": \"bigfix_platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"10\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.5.22\"}, {\"status\": \"affected\", \"version\": \"9.5\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.0.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\", \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\"], \"vendor\": \"fedoraproject\", \"product\": \"fedora\", \"versions\": [{\"status\": \"affected\", \"version\": \"37\"}, {\"status\": \"affected\", \"version\": \"38\"}, {\"status\": \"affected\", \"version\": \"39\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:apache:xerces-c\\\\+\\\\+:3.2.2:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"xerces-c\\\\+\\\\+\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.2.2\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-680\", \"description\": \"CWE-680 Integer Overflow to Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-19T13:01:14.287Z\"}}], \"cna\": {\"title\": \"HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"HCL Software\", \"product\": \"BigFix Platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.5 - 9.5.22, 10 - 10.0.9\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-09-28T18:26:00.000Z\", \"references\": [{\"url\": \"https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eAn integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.\u003c/span\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"shortName\": \"HCL\", \"dateUpdated\": \"2023-10-11T06:46:01.750Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-37536\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T17:16:30.600Z\", \"dateReserved\": \"2023-07-06T16:29:45.713Z\", \"assignerOrgId\": \"1e47fe04-f25f-42fa-b674-36de2c5e3cfc\", \"datePublished\": \"2023-10-11T06:46:01.750Z\", \"assignerShortName\": \"HCL\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CVE-2023-37536

Vulnerability from fstec - Published: 11.10.2023

Title

Уязвимость библиотеки Хerces C++ платформы совместного управления ИТ-оборудованием BigFix Platform, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость библиотеки Хerces C++ платформы совместного управления ИТ-оборудованием BigFix Platform вызвана целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код путем отправки специально сформированного HTTP-запроса

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H

Vendor

Red Hat Inc., ООО «Ред Софт», ООО «РусБИТех-Астра», АО «НТЦ ИТ РОСА», Apache Software Foundation, HCL Technologies, АО "НППКТ"

Software Name

Red Hat Enterprise Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), РОСА Кобальт (запись в едином реестре российских программ №1999), Xerces C++, BigFix Platform, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 7.9 (РОСА Кобальт), 3.2.3 (Xerces C++), от 9.0.0 до 9.5.23 (BigFix Platform), от 10.0.0 до 10.0.10 (BigFix Platform), до 2.10 (ОСОН ОСнова Оnyx)

Possible Mitigations

Компенсирующие меры: - использование средств межсетевого экранирования и средств обнаружения и предотвращения вторжений (IDS/IPS) для отслеживания подключений к устройству; - ограничение доступа к устройству из внешних сетей (Интернет); - использование виртуальных частных сетей для организации удаленного доступа (VPN). Использование рекомендаций: Для BigFix Platform: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791 Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2023-37536 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для ОСОН ОСнова Оnyx (версия 2.10): Обновление программного обеспечения xerces-c до версии 3.2.2+debian-1+deb10u2 Для ОС Astra Linux: обновить пакет xerces-c до 3.2.2+debian-1+deb10u2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 Для Astra Linux Special Edition 4.7 для архитектуры ARM: обновить пакет xerces-c до 3.2.2+debian-1+deb10u2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 Для ОС РОСА "КОБАЛЬТ": https://abf.rosa.ru/advisories/ROSA-SA-2025-2562 Для ОС РОСА "КОБАЛЬТ": https://abf.rosa.ru/advisories/ROSA-SA-2025-2562

Reference

https://access.redhat.com/security/cve/cve-2023-37536 https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791 https://vuldb.com/ru/?id.241902 http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.10/ https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 https://abf.rosa.ru/advisories/ROSA-SA-2025-2562 https://abf.rosa.ru/advisories/ROSA-SA-2025-2562

CWE

CWE-190

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:P/I:P/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, Apache Software Foundation, HCL Technologies, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 7.9 (\u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442), 3.2.3 (Xerces C++), \u043e\u0442 9.0.0 \u0434\u043e 9.5.23 (BigFix Platform), \u043e\u0442 10.0.0 \u0434\u043e 10.0.10 (BigFix Platform), \u0434\u043e 2.10 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 (IDS/IPS) \u0434\u043b\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442);\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN).\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f BigFix Platform:\nhttps://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2023-37536\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0432\u0435\u0440\u0441\u0438\u044f 2.10):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f xerces-c \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 3.2.2+debian-1+deb10u2\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 xerces-c \u0434\u043e 3.2.2+debian-1+deb10u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 xerces-c \u0434\u043e 3.2.2+debian-1+deb10u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n\n\u0414\u043b\u044f \u041e\u0421 \u0420\u041e\u0421\u0410 \"\u041a\u041e\u0411\u0410\u041b\u042c\u0422\": https://abf.rosa.ru/advisories/ROSA-SA-2025-2562\n\n\u0414\u043b\u044f \u041e\u0421 \u0420\u041e\u0421\u0410 \"\u041a\u041e\u0411\u0410\u041b\u042c\u0422\": https://abf.rosa.ru/advisories/ROSA-SA-2025-2562",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.10.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "05.03.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.10.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-06960",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-37536",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), Xerces C++, BigFix Platform, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 7.9  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.10  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0425erces C++ \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0418\u0422-\u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u0435\u043c BigFix Platform, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0425erces C++ \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0418\u0422-\u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u0435\u043c BigFix Platform \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/cve-2023-37536\nhttps://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791\nhttps://vuldb.com/ru/?id.241902\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.10/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2562\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2562",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,2)"
}

CERTFR-2024-AVI-0903

Vulnerability from certfr_avis - Published: 2024-10-18 - Updated: 2024-10-18

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	N/A	WebSphere Application Server Liberty versions 20.0.12 à 24.0.0.10 sans le correctif de sécurité PH63533 ou antérieures à 24.0.0.11 (disponibilité prévue pour le dernier trimestre 2024)
IBM	N/A	QRadar Incident Forensics versions 7.5.x antérieures à 7.5.0 UP10
IBM	N/A	Storage Protect Server versions 8.1.x antérieures à 8.1.24
IBM	N/A	Robotic Process Automation pour Cloud Pak versions 23.0.x antérieures à 23.0.18
IBM	N/A	QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP10
IBM	N/A	Robotic Process Automation versions 21.0..0.x antérieures à 21.0.7.18
IBM	N/A	Robotic Process Automation versions 23.0.x antérieures à 23.0.18
IBM	N/A	Robotic Process Automation pour Cloud Pak versions 21.0.0.x antérieures à 21.0.7.18
IBM	N/A	QRadar Network Capture versions 7.5.x antérieures à 7.5.0 Update Package 10

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7173421	2024-10-17	vendor-advisory
Bulletin de sécurité IBM 7173043	2024-10-14	vendor-advisory
Bulletin de sécurité IBM 7173420	2024-10-17	vendor-advisory
Bulletin de sécurité IBM 7173226	2024-10-16	vendor-advisory
Bulletin de sécurité IBM 7173224	2024-10-16	vendor-advisory
Bulletin de sécurité IBM 7173097	2024-10-15	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "WebSphere Application Server Liberty versions 20.0.12 \u00e0 24.0.0.10  sans le correctif de s\u00e9curit\u00e9 PH63533 ou ant\u00e9rieures \u00e0 24.0.0.11 (disponibilit\u00e9 pr\u00e9vue pour le dernier trimestre 2024)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Incident Forensics versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Storage Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Robotic Process Automation pour Cloud Pak versions 23.0.x ant\u00e9rieures \u00e0 23.0.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Robotic Process Automation versions 21.0..0.x ant\u00e9rieures \u00e0 21.0.7.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Robotic Process Automation versions 23.0.x ant\u00e9rieures \u00e0 23.0.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Robotic Process Automation pour Cloud Pak versions 21.0.0.x ant\u00e9rieures \u00e0 21.0.7.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Network Capture versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Package 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-37370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
    },
    {
      "name": "CVE-2023-25577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
    },
    {
      "name": "CVE-2023-37536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37536"
    },
    {
      "name": "CVE-2023-52675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52675"
    },
    {
      "name": "CVE-2024-26656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26656"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2024-26974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26974"
    },
    {
      "name": "CVE-2022-48468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48468"
    },
    {
      "name": "CVE-2023-20592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20592"
    },
    {
      "name": "CVE-2018-1311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1311"
    },
    {
      "name": "CVE-2024-26585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
    },
    {
      "name": "CVE-2024-23944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
    },
    {
      "name": "CVE-2024-27397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
    },
    {
      "name": "CVE-2020-25219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25219"
    },
    {
      "name": "CVE-2024-35854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
    },
    {
      "name": "CVE-2024-28757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
    },
    {
      "name": "CVE-2023-52878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52878"
    },
    {
      "name": "CVE-2023-45853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
    },
    {
      "name": "CVE-2023-45178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
    },
    {
      "name": "CVE-2024-5564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
    },
    {
      "name": "CVE-2023-23934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
    },
    {
      "name": "CVE-2021-42771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42771"
    },
    {
      "name": "CVE-2023-52669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52669"
    },
    {
      "name": "CVE-2024-31881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31881"
    },
    {
      "name": "CVE-2024-36004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36004"
    },
    {
      "name": "CVE-2024-26859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
    },
    {
      "name": "CVE-2022-38725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38725"
    },
    {
      "name": "CVE-2024-35959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35959"
    },
    {
      "name": "CVE-2024-35855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
    },
    {
      "name": "CVE-2024-31880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31880"
    },
    {
      "name": "CVE-2024-29025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
    },
    {
      "name": "CVE-2024-26801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
    },
    {
      "name": "CVE-2024-36007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36007"
    },
    {
      "name": "CVE-2021-47311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47311"
    },
    {
      "name": "CVE-2024-28762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28762"
    },
    {
      "name": "CVE-2021-45429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45429"
    },
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2024-35852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
    },
    {
      "name": "CVE-2020-7212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7212"
    },
    {
      "name": "CVE-2023-52781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52781"
    },
    {
      "name": "CVE-2024-35845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
    },
    {
      "name": "CVE-2021-47073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47073"
    },
    {
      "name": "CVE-2024-26804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
    },
    {
      "name": "CVE-2024-28786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28786"
    },
    {
      "name": "CVE-2023-52686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52686"
    },
    {
      "name": "CVE-2021-47236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47236"
    },
    {
      "name": "CVE-2024-35890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35890"
    },
    {
      "name": "CVE-2024-22195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
    },
    {
      "name": "CVE-2023-52877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52877"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2023-6349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6349"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2024-32487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
    },
    {
      "name": "CVE-2024-26826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26826"
    },
    {
      "name": "CVE-2024-26583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
    },
    {
      "name": "CVE-2024-35888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35888"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2023-52700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52700"
    },
    {
      "name": "CVE-2023-46136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2021-47495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
    },
    {
      "name": "CVE-2024-26675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
    },
    {
      "name": "CVE-2024-26906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
    },
    {
      "name": "CVE-2024-26584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
    },
    {
      "name": "CVE-2023-31346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31346"
    },
    {
      "name": "CVE-2024-5197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5197"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2024-35835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
    },
    {
      "name": "CVE-2024-26735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
    },
    {
      "name": "CVE-2023-52881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
    },
    {
      "name": "CVE-2021-46972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46972"
    },
    {
      "name": "CVE-2020-26137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
    },
    {
      "name": "CVE-2023-29267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29267"
    },
    {
      "name": "CVE-2023-52667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52667"
    },
    {
      "name": "CVE-2023-52703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52703"
    },
    {
      "name": "CVE-2022-48624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
    },
    {
      "name": "CVE-2024-26759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26759"
    },
    {
      "name": "CVE-2023-52464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52464"
    },
    {
      "name": "CVE-2023-52813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52813"
    },
    {
      "name": "CVE-2024-35838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35838"
    },
    {
      "name": "CVE-2023-52615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
    },
    {
      "name": "CVE-2023-52560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52560"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2022-46329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
    },
    {
      "name": "CVE-2021-47069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47069"
    },
    {
      "name": "CVE-2020-26154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26154"
    },
    {
      "name": "CVE-2024-35960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35960"
    },
    {
      "name": "CVE-2023-30861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
    },
    {
      "name": "CVE-2023-2953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
    },
    {
      "name": "CVE-2020-26555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
    },
    {
      "name": "CVE-2024-35789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
    },
    {
      "name": "CVE-2023-52835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52835"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2024-26982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26982"
    },
    {
      "name": "CVE-2021-47310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47310"
    },
    {
      "name": "CVE-2023-52626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52626"
    },
    {
      "name": "CVE-2024-35958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
    },
    {
      "name": "CVE-2024-22354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
    },
    {
      "name": "CVE-2021-47456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47456"
    },
    {
      "name": "CVE-2024-28752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28752"
    },
    {
      "name": "CVE-2021-47356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47356"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2021-47353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47353"
    },
    {
      "name": "CVE-2024-37371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
    },
    {
      "name": "CVE-2023-5090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5090"
    },
    {
      "name": "CVE-2024-27410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
    },
    {
      "name": "CVE-2021-46909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46909"
    },
    {
      "name": "CVE-2024-35853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35853"
    },
    {
      "name": "CVE-2024-26907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
    }
  ],
  "initial_release_date": "2024-10-18T00:00:00",
  "last_revision_date": "2024-10-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0903",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-10-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173421",
      "url": "https://www.ibm.com/support/pages/node/7173421"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173043",
      "url": "https://www.ibm.com/support/pages/node/7173043"
    },
    {
      "published_at": "2024-10-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173420",
      "url": "https://www.ibm.com/support/pages/node/7173420"
    },
    {
      "published_at": "2024-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173226",
      "url": "https://www.ibm.com/support/pages/node/7173226"
    },
    {
      "published_at": "2024-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173224",
      "url": "https://www.ibm.com/support/pages/node/7173224"
    },
    {
      "published_at": "2024-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7173097",
      "url": "https://www.ibm.com/support/pages/node/7173097"
    }
  ]
}

CERTFR-2024-AVI-1103

Vulnerability from certfr_avis - Published: 2024-12-20 - Updated: 2024-12-20

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x antérieures à 12.0.4
IBM	Sterling	Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 ifix 01
IBM	QRadar SIEM	Security QRadar Log Management AQL Plugin versions antérieures à 1.1.0
IBM	Sterling	Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 (fixpack) GA
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP5
IBM	Sterling	Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 (fixpack) GA
IBM	Sterling	Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.0 ifix 01
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.11_ifix001

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7177142	2024-12-17	vendor-advisory
Bulletin de sécurité IBM 7177223	2024-12-17	vendor-advisory
Bulletin de sécurité IBM 7179044	2024-12-16	vendor-advisory
Bulletin de sécurité IBM 7179156	2024-12-17	vendor-advisory
Bulletin de sécurité IBM 7179166	2024-12-17	vendor-advisory
Bulletin de sécurité IBM 7178835	2024-12-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 ifix 01",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": " Security QRadar Log Management AQL Plugin versions ant\u00e9rieures \u00e0 1.1.0",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 (fixpack) GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 (fixpack) GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.0 ifix 01",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.11_ifix001",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2017-9937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9937"
    },
    {
      "name": "CVE-2023-52356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
    },
    {
      "name": "CVE-2023-41334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41334"
    },
    {
      "name": "CVE-2023-37536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37536"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2024-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22871"
    },
    {
      "name": "CVE-2024-7006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
    },
    {
      "name": "CVE-2023-3316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
    },
    {
      "name": "CVE-2024-36138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
    },
    {
      "name": "CVE-2018-14042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
    },
    {
      "name": "CVE-2024-29041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
    },
    {
      "name": "CVE-2021-45960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
    },
    {
      "name": "CVE-2024-22020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
    },
    {
      "name": "CVE-2022-3626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3626"
    },
    {
      "name": "CVE-2023-38264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
    },
    {
      "name": "CVE-2024-22201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
    },
    {
      "name": "CVE-2020-12401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
    },
    {
      "name": "CVE-2018-15209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15209"
    },
    {
      "name": "CVE-2024-28849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
    },
    {
      "name": "CVE-2018-17100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17100"
    },
    {
      "name": "CVE-2022-3599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3599"
    },
    {
      "name": "CVE-2022-34266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34266"
    },
    {
      "name": "CVE-2020-35521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35521"
    },
    {
      "name": "CVE-2023-0796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0796"
    },
    {
      "name": "CVE-2023-50386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50386"
    },
    {
      "name": "CVE-2024-4068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
    },
    {
      "name": "CVE-2023-52425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
    },
    {
      "name": "CVE-2024-23944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
    },
    {
      "name": "CVE-2022-48554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
    },
    {
      "name": "CVE-2024-39008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39008"
    },
    {
      "name": "CVE-2018-14040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
    },
    {
      "name": "CVE-2024-28757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
    },
    {
      "name": "CVE-2023-30086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
    },
    {
      "name": "CVE-2019-11727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
    },
    {
      "name": "CVE-2024-25638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
    },
    {
      "name": "CVE-2022-2057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2057"
    },
    {
      "name": "CVE-2019-6128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6128"
    },
    {
      "name": "CVE-2023-26965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
    },
    {
      "name": "CVE-2022-22823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
    },
    {
      "name": "CVE-2023-52426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
    },
    {
      "name": "CVE-2022-2058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2058"
    },
    {
      "name": "CVE-2024-45082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45082"
    },
    {
      "name": "CVE-2023-50782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
    },
    {
      "name": "CVE-2022-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3627"
    },
    {
      "name": "CVE-2022-2867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2867"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2022-3598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3598"
    },
    {
      "name": "CVE-2023-0798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0798"
    },
    {
      "name": "CVE-2019-11358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
    },
    {
      "name": "CVE-2023-2731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2731"
    },
    {
      "name": "CVE-2023-0803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0803"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2023-30774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
    },
    {
      "name": "CVE-2023-4759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4759"
    },
    {
      "name": "CVE-2017-11613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11613"
    },
    {
      "name": "CVE-2017-12652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
    },
    {
      "name": "CVE-2024-41752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41752"
    },
    {
      "name": "CVE-2023-50447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50447"
    },
    {
      "name": "CVE-2018-18508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18508"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2024-34447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
    },
    {
      "name": "CVE-2024-33883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2024-29025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
    },
    {
      "name": "CVE-2022-22844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22844"
    },
    {
      "name": "CVE-2014-1544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1544"
    },
    {
      "name": "CVE-2023-4421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4421"
    },
    {
      "name": "CVE-2023-6277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
    },
    {
      "name": "CVE-2023-4813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
    },
    {
      "name": "CVE-2024-45590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
    },
    {
      "name": "CVE-2024-43796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
    },
    {
      "name": "CVE-2023-50298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
    },
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2023-50292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50292"
    },
    {
      "name": "CVE-2018-20676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
    },
    {
      "name": "CVE-2023-0802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0802"
    },
    {
      "name": "CVE-2022-2056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2056"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2021-43138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
    },
    {
      "name": "CVE-2020-25648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25648"
    },
    {
      "name": "CVE-2019-17023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
    },
    {
      "name": "CVE-2022-21699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
    },
    {
      "name": "CVE-2024-28176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28176"
    },
    {
      "name": "CVE-2019-7317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
    },
    {
      "name": "CVE-2024-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
    },
    {
      "name": "CVE-2019-17007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17007"
    },
    {
      "name": "CVE-2023-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
    },
    {
      "name": "CVE-2023-51074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
    },
    {
      "name": "CVE-2022-23852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
    },
    {
      "name": "CVE-2022-22825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
    },
    {
      "name": "CVE-2023-38289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38289"
    },
    {
      "name": "CVE-2018-20677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
    },
    {
      "name": "CVE-2010-1205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
    },
    {
      "name": "CVE-2020-23064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
    },
    {
      "name": "CVE-2024-22195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2015-7182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7182"
    },
    {
      "name": "CVE-2022-23990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
    },
    {
      "name": "CVE-2018-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16335"
    },
    {
      "name": "CVE-2024-21011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2021-36770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
    },
    {
      "name": "CVE-2020-19144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19144"
    },
    {
      "name": "CVE-2023-3164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
    },
    {
      "name": "CVE-2022-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3597"
    },
    {
      "name": "CVE-2024-27983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
    },
    {
      "name": "CVE-2017-12627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12627"
    },
    {
      "name": "CVE-2018-17101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17101"
    },
    {
      "name": "CVE-2023-50291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50291"
    },
    {
      "name": "CVE-2014-1568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
    },
    {
      "name": "CVE-2020-26261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26261"
    },
    {
      "name": "CVE-2023-24816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24816"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2023-0801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0801"
    },
    {
      "name": "CVE-2022-4645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4645"
    },
    {
      "name": "CVE-2019-17546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17546"
    },
    {
      "name": "CVE-2022-2869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2869"
    },
    {
      "name": "CVE-2022-3479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3479"
    },
    {
      "name": "CVE-2023-40745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40745"
    },
    {
      "name": "CVE-2024-27982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2020-15110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15110"
    },
    {
      "name": "CVE-2023-25435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25435"
    },
    {
      "name": "CVE-2024-37372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
    },
    {
      "name": "CVE-2021-38153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
    },
    {
      "name": "CVE-2023-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2017-18869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18869"
    },
    {
      "name": "CVE-2022-0562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0562"
    },
    {
      "name": "CVE-2023-38325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
    },
    {
      "name": "CVE-2019-11719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
    },
    {
      "name": "CVE-2022-0891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0891"
    },
    {
      "name": "CVE-2018-7456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7456"
    },
    {
      "name": "CVE-2023-38288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38288"
    },
    {
      "name": "CVE-2024-21094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
    },
    {
      "name": "CVE-2023-0799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0799"
    },
    {
      "name": "CVE-2019-17006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
    },
    {
      "name": "CVE-2020-12403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
    },
    {
      "name": "CVE-2023-6237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
    },
    {
      "name": "CVE-2023-6228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
    },
    {
      "name": "CVE-2021-46848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2023-0795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0795"
    },
    {
      "name": "CVE-2024-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
    },
    {
      "name": "CVE-2023-50495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
    },
    {
      "name": "CVE-2017-18013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18013"
    },
    {
      "name": "CVE-2023-25194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25194"
    },
    {
      "name": "CVE-2023-6129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
    },
    {
      "name": "CVE-2016-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1938"
    },
    {
      "name": "CVE-2017-11698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11698"
    },
    {
      "name": "CVE-2022-22827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
    },
    {
      "name": "CVE-2024-38337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38337"
    },
    {
      "name": "CVE-2018-12384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
    },
    {
      "name": "CVE-2018-12404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12404"
    },
    {
      "name": "CVE-2019-14973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14973"
    },
    {
      "name": "CVE-2020-36191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36191"
    },
    {
      "name": "CVE-2024-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
    },
    {
      "name": "CVE-2023-0804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0804"
    },
    {
      "name": "CVE-2023-30775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30775"
    },
    {
      "name": "CVE-2023-0797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0797"
    },
    {
      "name": "CVE-2018-14041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
    },
    {
      "name": "CVE-2023-1916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
    },
    {
      "name": "CVE-2024-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
    },
    {
      "name": "CVE-2020-19131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19131"
    },
    {
      "name": "CVE-2015-7575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7575"
    },
    {
      "name": "CVE-2023-41175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41175"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2018-5784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5784"
    },
    {
      "name": "CVE-2018-17000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17000"
    },
    {
      "name": "CVE-2024-28863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
    },
    {
      "name": "CVE-2023-3576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3576"
    },
    {
      "name": "CVE-2023-4806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
    },
    {
      "name": "CVE-2020-35523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35523"
    },
    {
      "name": "CVE-2016-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
    },
    {
      "name": "CVE-2024-39338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
    },
    {
      "name": "CVE-2022-34749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34749"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2020-19189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
    },
    {
      "name": "CVE-2022-0908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0908"
    },
    {
      "name": "CVE-2023-49083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
    },
    {
      "name": "CVE-2024-36114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
    },
    {
      "name": "CVE-2019-11745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
    },
    {
      "name": "CVE-2019-11729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
    },
    {
      "name": "CVE-2024-34102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34102"
    },
    {
      "name": "CVE-2019-11756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
    },
    {
      "name": "CVE-2021-32862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32862"
    },
    {
      "name": "CVE-2022-22826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
    },
    {
      "name": "CVE-2024-4367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4367"
    },
    {
      "name": "CVE-2024-25016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25016"
    },
    {
      "name": "CVE-2022-40090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40090"
    },
    {
      "name": "CVE-2023-25434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25434"
    },
    {
      "name": "CVE-2024-29896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29896"
    },
    {
      "name": "CVE-2015-7181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7181"
    },
    {
      "name": "CVE-2020-18768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-18768"
    },
    {
      "name": "CVE-2022-34526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34526"
    },
    {
      "name": "CVE-2022-2868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2868"
    },
    {
      "name": "CVE-2017-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5461"
    },
    {
      "name": "CVE-2014-1569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1569"
    },
    {
      "name": "CVE-2020-12400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
    },
    {
      "name": "CVE-2023-31130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
    },
    {
      "name": "CVE-2024-21085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2017-11695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11695"
    },
    {
      "name": "CVE-2023-2908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2908"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2022-22824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
    },
    {
      "name": "CVE-2020-6829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
    },
    {
      "name": "CVE-2017-11697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11697"
    },
    {
      "name": "CVE-2023-0800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0800"
    },
    {
      "name": "CVE-2023-5388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
    },
    {
      "name": "CVE-2024-27980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
    },
    {
      "name": "CVE-2023-5678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
    },
    {
      "name": "CVE-2024-51504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
    },
    {
      "name": "CVE-2018-19210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19210"
    },
    {
      "name": "CVE-2013-2099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2099"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2019-10255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10255"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2020-35524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35524"
    },
    {
      "name": "CVE-2019-8331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
    },
    {
      "name": "CVE-2024-36137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
    },
    {
      "name": "CVE-2020-35522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35522"
    },
    {
      "name": "CVE-2022-3570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
    },
    {
      "name": "CVE-2017-11696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11696"
    },
    {
      "name": "CVE-2022-0561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0561"
    }
  ],
  "initial_release_date": "2024-12-20T00:00:00",
  "last_revision_date": "2024-12-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1103",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7177142",
      "url": "https://www.ibm.com/support/pages/node/7177142"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7177223",
      "url": "https://www.ibm.com/support/pages/node/7177223"
    },
    {
      "published_at": "2024-12-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7179044",
      "url": "https://www.ibm.com/support/pages/node/7179044"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7179156",
      "url": "https://www.ibm.com/support/pages/node/7179156"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7179166",
      "url": "https://www.ibm.com/support/pages/node/7179166"
    },
    {
      "published_at": "2024-12-13",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7178835",
      "url": "https://www.ibm.com/support/pages/node/7178835"
    }
  ]
}

FKIE_CVE-2023-37536

Vulnerability from fkie_nvd - Published: 2023-10-11 07:15 - Updated: 2024-11-21 08:11

Severity ?

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

References

URL	Tags
psirt@hcl.com	https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html
psirt@hcl.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/
psirt@hcl.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/
psirt@hcl.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/	Mailing List, Third Party Advisory
psirt@hcl.com	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791	Vendor Advisory

Impacted products

Vendor	Product	Version
apache	xerces-c\+\+	3.2.3
hcltech	bigfix_platform	*
hcltech	bigfix_platform	*
fedoraproject	fedora	37

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:xerces-c\\+\\+:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D12DE323-B495-4294-B491-D18A2134D3E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C944AE77-DEF5-4AF7-A900-F82CB023F5FD",
              "versionEndExcluding": "9.5.23",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D9C29D2-7B7C-4040-9451-BAB1FB5E4D28",
              "versionEndExcluding": "10.0.10",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de enteros de xerces-c++ 3.2.3 en BigFix Platform permite a atacantes remotos provocar acceso fuera de l\u00edmites a trav\u00e9s de una solicitud HTTP."
    }
  ],
  "id": "CVE-2023-37536",
  "lastModified": "2024-11-21T08:11:53.283",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 5.3,
        "source": "psirt@hcl.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-11T07:15:10.580",
  "references": [
    {
      "source": "psirt@hcl.com",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
    },
    {
      "source": "psirt@hcl.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
    },
    {
      "source": "psirt@hcl.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
    },
    {
      "source": "psirt@hcl.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"
    },
    {
      "source": "psirt@hcl.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
    }
  ],
  "sourceIdentifier": "psirt@hcl.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-680"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GSD-2023-37536

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

Aliases

CVE-2023-37536

Aliases

CVE-2023-37536

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-37536",
    "id": "GSD-2023-37536"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-37536"
      ],
      "details": "An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.",
      "id": "GSD-2023-37536",
      "modified": "2023-12-13T01:20:24.794836Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@hcl.com",
        "ID": "CVE-2023-37536",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "BigFix Platform",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "9.5 - 9.5.22, 10 - 10.0.9"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "HCL Software"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791",
            "refsource": "MISC",
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:apache:xerces-c\\+\\+:3.2.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D12DE323-B495-4294-B491-D18A2134D3E3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C944AE77-DEF5-4AF7-A900-F82CB023F5FD",
                    "versionEndExcluding": "9.5.23",
                    "versionStartIncluding": "9.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5D9C29D2-7B7C-4040-9451-BAB1FB5E4D28",
                    "versionEndExcluding": "10.0.10",
                    "versionStartIncluding": "10.0.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request."
          },
          {
            "lang": "es",
            "value": "Un desbordamiento de enteros de xerces-c++ 3.2.3 en BigFix Platform permite a atacantes remotos provocar acceso fuera de l\u00edmites a trav\u00e9s de una solicitud HTTP."
          }
        ],
        "id": "CVE-2023-37536",
        "lastModified": "2023-12-31T14:15:42.080",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.3,
              "impactScore": 5.3,
              "source": "psirt@hcl.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-10-11T07:15:10.580",
        "references": [
          {
            "source": "psirt@hcl.com",
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
          },
          {
            "source": "psirt@hcl.com",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
          },
          {
            "source": "psirt@hcl.com",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
          },
          {
            "source": "psirt@hcl.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"
          },
          {
            "source": "psirt@hcl.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
          }
        ],
        "sourceIdentifier": "psirt@hcl.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-190"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

GHSA-62MQ-P983-GJVX

Vulnerability from github – Published: 2023-10-11 09:34 – Updated: 2024-08-01 15:31

Details

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

Severity ?

8.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-37536"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190",
      "CWE-680"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-11T07:15:10Z",
    "severity": "HIGH"
  },
  "details": "An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.",
  "id": "GHSA-62mq-p983-gjvx",
  "modified": "2024-08-01T15:31:23Z",
  "published": "2023-10-11T09:34:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37536"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM"
    },
    {
      "type": "WEB",
      "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-37536 (GCVE-0-2023-37536)

CVE-2023-37536

CERTFR-2024-AVI-0903

Solutions

CERTFR-2024-AVI-1103

Solutions

FKIE_CVE-2023-37536

GSD-2023-37536

GHSA-62MQ-P983-GJVX

Tags

Sightings

Nomenclature