Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2013-3587 (GCVE-0-2013-3587)
Vulnerability from cvelistv5
Published
2020-02-21 17:11
Modified
2024-08-06 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Other
Summary
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HTTPS protocol |
Version: all |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://breachattack.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/254895"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K14634"
},
{
"name": "[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HTTPS protocol",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"datePublic": "2012-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-10T00:06:26",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://breachattack.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/254895"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K14634"
},
{
"name": "[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HTTPS protocol",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://breachattack.com/",
"refsource": "MISC",
"url": "http://breachattack.com/"
},
{
"name": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407",
"refsource": "MISC",
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"name": "http://slashdot.org/story/13/08/05/233216",
"refsource": "MISC",
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"name": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf",
"refsource": "MISC",
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"name": "https://www.blackhat.com/us-13/briefings.html#Prado",
"refsource": "MISC",
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"name": "http://github.com/meldium/breach-mitigation-rails",
"refsource": "MISC",
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"name": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/",
"refsource": "MISC",
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
},
{
"name": "http://www.kb.cert.org/vuls/id/987798",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"name": "https://hackerone.com/reports/254895",
"refsource": "MISC",
"url": "https://hackerone.com/reports/254895"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=995168",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"name": "https://support.f5.com/csp/article/K14634",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K14634"
},
{
"name": "[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3Cdev.httpd.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3587",
"datePublished": "2020-02-21T17:11:47",
"dateReserved": "2013-05-21T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2013-3587\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2020-02-21T18:15:11.427\",\"lastModified\":\"2024-11-21T01:53:56.283\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \\\"BREACH\\\" attack, a different issue than CVE-2012-4929.\"},{\"lang\":\"es\",\"value\":\"El protocolo HTTPS, como es usado en aplicaciones web no especificadas, puede cifrar datos comprimidos sin ofuscar apropiadamente la longitud de los datos no cifrados, facilitando a atacantes de tipo \\\"man-in-the-middle\\\" obtener valores secretos en texto plano al observar las diferencias de longitud durante una serie de adivinaciones en las que una cadena en una URL de peticiones HTTP coincide potencialmente con una cadena desconocida en un cuerpo de respuesta HTTP, tambi\u00e9n se conoce como ataque \\\"BREACH\\\", un problema diferente de CVE-2012-4929.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndIncluding\":\"10.2.4\",\"matchCriteriaId\":\"79618AB4-7A8E-4488-8608-57EC2F8681FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.6.1\",\"matchCriteriaId\":\"57AB5137-9797-4BA3-8725-40494DA8FFB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.2\",\"matchCriteriaId\":\"0ACC0695-E62E-4748-AA8A-46772EB8C83C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCF89E7C-806E-4800-BAA9-0225433B6C56\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.3.0\",\"versionEndIncluding\":\"11.6.1\",\"matchCriteriaId\":\"59217FC1-AFB3-479F-A369-9C7FB3DD29F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.2\",\"matchCriteriaId\":\"93212B86-21EA-4340-9149-E58F65285C15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C4E5F36-434B-48E1-9715-4EEC22FB23D1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.6.1\",\"matchCriteriaId\":\"0FCA781F-8728-4ECB-85D1-1E0AE4EEFC2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.2\",\"matchCriteriaId\":\"25944BCA-3EEB-4396-AC8F-EF58834BC47E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34D75E7F-B65F-421D-92EE-6B20756019C2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.4.0\",\"versionEndIncluding\":\"11.6.1\",\"matchCriteriaId\":\"70FB5FD7-4B96-438C-AAD3-D2E128DAA8BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.2\",\"matchCriteriaId\":\"39E45CF5-C9E4-4AB9-A6D5-66F8336DDB79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D75D5AD-C20A-4D94-84E0-E695C9D2A26D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.2.0\",\"versionEndIncluding\":\"9.4.8\",\"matchCriteriaId\":\"6034A531-6A0E-4086-A76F-91C3F62C7994\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.2.4\",\"matchCriteriaId\":\"667D3780-3949-41AC-83DE-5BCB8B36C382\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.6.1\",\"matchCriteriaId\":\"FDDD9D77-12B6-40F4-B819-2515D357A91A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.2\",\"matchCriteriaId\":\"7CB146EF-CCAB-4194-9735-F8909E283308\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7569977A-E567-4115-B00C-4B0CBA86582E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndIncluding\":\"10.2.4\",\"matchCriteriaId\":\"A8347412-DC42-4B86-BF6E-A44A5E1541ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.3.0\",\"matchCriteriaId\":\"C8942D9D-8E3A-4876-8E93-ED8D201FF546\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.2.2\",\"versionEndIncluding\":\"9.4.8\",\"matchCriteriaId\":\"E27C5743-4F94-4A1C-AD8C-25D29B65BF95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.2.4\",\"matchCriteriaId\":\"1DF6BB8A-FA63-4DBC-891C-256FF23CBCF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.6.1\",\"matchCriteriaId\":\"1D413BDC-8B60-494A-A218-75EAF09D1495\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.2\",\"matchCriteriaId\":\"C4A5CD9B-D257-4EC9-8C57-D9552C2FFFFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2C4414E-8016-48B5-8CC3-F97FF2D85922\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndIncluding\":\"9.6.1\",\"matchCriteriaId\":\"5F293F06-4601-4074-A695-2C229CF8D126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.2.4\",\"matchCriteriaId\":\"289CEABB-22A2-436D-AE4B-4BDA2D0EAFDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.6.1\",\"matchCriteriaId\":\"439927F5-ECDA-4DD8-BA75-97E55C9E584F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.2\",\"matchCriteriaId\":\"C1F5FF67-5D17-4760-AFDC-4234EC1E6306\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA7D64DC-7271-4617-BD46-99C8246779CA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.3.0\",\"versionEndIncluding\":\"11.6.1\",\"matchCriteriaId\":\"632BD15C-04E6-4FD9-9410-6DE9E48F926A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndIncluding\":\"12.1.2\",\"matchCriteriaId\":\"BDE77CCE-7F97-48EA-A9D3-090B1481616F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42821916-E601-4831-B37B-3202ACF2C562\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.4.5\",\"versionEndIncluding\":\"9.4.8\",\"matchCriteriaId\":\"5522F58E-C4EA-40B4-8F44-3E95315D37EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.2.4\",\"matchCriteriaId\":\"2C0B4C01-C71E-4E35-B63A-68395984E033\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.4.1\",\"matchCriteriaId\":\"9828CBA5-BB72-46E2-987D-633A5B3E2AFF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.2.4\",\"matchCriteriaId\":\"BB60C39D-52ED-47DD-9FB9-2B4BC8D9F8AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.3.0\",\"matchCriteriaId\":\"68BC025A-D45E-45FB-A4E4-1C89320B5BBE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.4.0\",\"versionEndIncluding\":\"9.4.8\",\"matchCriteriaId\":\"3F383EBC-4739-4514-9EC0-BE17AC453735\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.2.4\",\"matchCriteriaId\":\"AE007A64-5867-4B1A-AEFB-3AB2CD6A5EA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.3.0\",\"matchCriteriaId\":\"7C75978B-566B-4353-8716-099CB8790EE0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.1.0\",\"matchCriteriaId\":\"15CE213B-F42C-4C2E-AFBD-852AB049FF8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"442D343A-973B-4C33-B99B-1EA2B7670DE5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndIncluding\":\"5.3.1\",\"matchCriteriaId\":\"794651B6-E22C-4A6F-9B1F-AA94BEDD44FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.4.0\",\"matchCriteriaId\":\"F20E6644-F925-4283-AD92-7B0696F52310\"}]}]}],\"references\":[{\"url\":\"http://breachattack.com/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://github.com/meldium/breach-mitigation-rails\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://slashdot.org/story/13/08/05/233216\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/987798\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=995168\",\"source\":\"cret@cert.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/254895\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E\",\"source\":\"cret@cert.org\"},{\"url\":\"https://support.f5.com/csp/article/K14634\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.blackhat.com/us-13/briefings.html#Prado\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://breachattack.com/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://github.com/meldium/breach-mitigation-rails\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://slashdot.org/story/13/08/05/233216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/987798\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=995168\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/254895\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.f5.com/csp/article/K14634\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.blackhat.com/us-13/briefings.html#Prado\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
fkie_cve-2013-3587
Vulnerability from fkie_nvd
Published
2020-02-21 18:15
Modified
2024-11-21 01:53
Severity ?
Summary
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://breachattack.com/ | Third Party Advisory | |
| cret@cert.org | http://github.com/meldium/breach-mitigation-rails | Third Party Advisory | |
| cret@cert.org | http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407 | Exploit, Third Party Advisory | |
| cret@cert.org | http://slashdot.org/story/13/08/05/233216 | Third Party Advisory | |
| cret@cert.org | http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf | Third Party Advisory | |
| cret@cert.org | http://www.kb.cert.org/vuls/id/987798 | Third Party Advisory, US Government Resource | |
| cret@cert.org | https://bugzilla.redhat.com/show_bug.cgi?id=995168 | Issue Tracking, Third Party Advisory | |
| cret@cert.org | https://hackerone.com/reports/254895 | Exploit, Third Party Advisory | |
| cret@cert.org | https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E | ||
| cret@cert.org | https://support.f5.com/csp/article/K14634 | Third Party Advisory | |
| cret@cert.org | https://www.blackhat.com/us-13/briefings.html#Prado | Third Party Advisory | |
| cret@cert.org | https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://breachattack.com/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://github.com/meldium/breach-mitigation-rails | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://slashdot.org/story/13/08/05/233216 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/987798 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=995168 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/254895 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K14634 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.blackhat.com/us-13/briefings.html#Prado | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | 13.0.0 | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | 13.0.0 | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | 13.0.0 | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | 13.0.0 | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | 13.0.0 | |
| f5 | big-ip_edge_gateway | * | |
| f5 | big-ip_edge_gateway | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | 13.0.0 | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | 13.0.0 | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | 13.0.0 | |
| f5 | big-ip_protocol_security_module | * | |
| f5 | big-ip_protocol_security_module | * | |
| f5 | big-ip_protocol_security_module | * | |
| f5 | big-ip_wan_optimization_manager | * | |
| f5 | big-ip_wan_optimization_manager | * | |
| f5 | big-ip_webaccelerator | * | |
| f5 | big-ip_webaccelerator | * | |
| f5 | big-ip_webaccelerator | * | |
| f5 | firepass | * | |
| f5 | firepass | 7.0.0 | |
| f5 | arx | * | |
| f5 | arx | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79618AB4-7A8E-4488-8608-57EC2F8681FE",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57AB5137-9797-4BA3-8725-40494DA8FFB2",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0ACC0695-E62E-4748-AA8A-46772EB8C83C",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59217FC1-AFB3-479F-A369-9C7FB3DD29F0",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93212B86-21EA-4340-9149-E58F65285C15",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCA781F-8728-4ECB-85D1-1E0AE4EEFC2B",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25944BCA-3EEB-4396-AC8F-EF58834BC47E",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70FB5FD7-4B96-438C-AAD3-D2E128DAA8BF",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E45CF5-C9E4-4AB9-A6D5-66F8336DDB79",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6034A531-6A0E-4086-A76F-91C3F62C7994",
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "667D3780-3949-41AC-83DE-5BCB8B36C382",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDD9D77-12B6-40F4-B819-2515D357A91A",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB146EF-CCAB-4194-9735-F8909E283308",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8347412-DC42-4B86-BF6E-A44A5E1541ED",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8942D9D-8E3A-4876-8E93-ED8D201FF546",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E27C5743-4F94-4A1C-AD8C-25D29B65BF95",
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF6BB8A-FA63-4DBC-891C-256FF23CBCF0",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D413BDC-8B60-494A-A218-75EAF09D1495",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A5CD9B-D257-4EC9-8C57-D9552C2FFFFC",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F293F06-4601-4074-A695-2C229CF8D126",
"versionEndIncluding": "9.6.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "289CEABB-22A2-436D-AE4B-4BDA2D0EAFDB",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "439927F5-ECDA-4DD8-BA75-97E55C9E584F",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F5FF67-5D17-4760-AFDC-4234EC1E6306",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "632BD15C-04E6-4FD9-9410-6DE9E48F926A",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE77CCE-7F97-48EA-A9D3-090B1481616F",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5522F58E-C4EA-40B4-8F44-3E95315D37EA",
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C0B4C01-C71E-4E35-B63A-68395984E033",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9828CBA5-BB72-46E2-987D-633A5B3E2AFF",
"versionEndIncluding": "11.4.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB60C39D-52ED-47DD-9FB9-2B4BC8D9F8AC",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68BC025A-D45E-45FB-A4E4-1C89320B5BBE",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F383EBC-4739-4514-9EC0-BE17AC453735",
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE007A64-5867-4B1A-AEFB-3AB2CD6A5EA4",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C75978B-566B-4353-8716-099CB8790EE0",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15CE213B-F42C-4C2E-AFBD-852AB049FF8A",
"versionEndIncluding": "6.1.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "442D343A-973B-4C33-B99B-1EA2B7670DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "794651B6-E22C-4A6F-9B1F-AA94BEDD44FF",
"versionEndIncluding": "5.3.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E6644-F925-4283-AD92-7B0696F52310",
"versionEndIncluding": "6.4.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929."
},
{
"lang": "es",
"value": "El protocolo HTTPS, como es usado en aplicaciones web no especificadas, puede cifrar datos comprimidos sin ofuscar apropiadamente la longitud de los datos no cifrados, facilitando a atacantes de tipo \"man-in-the-middle\" obtener valores secretos en texto plano al observar las diferencias de longitud durante una serie de adivinaciones en las que una cadena en una URL de peticiones HTTP coincide potencialmente con una cadena desconocida en un cuerpo de respuesta HTTP, tambi\u00e9n se conoce como ataque \"BREACH\", un problema diferente de CVE-2012-4929."
}
],
"id": "CVE-2013-3587",
"lastModified": "2024-11-21T01:53:56.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-21T18:15:11.427",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://breachattack.com/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"source": "cret@cert.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/254895"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K14634"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://breachattack.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/254895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K14634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-hh3m-fgxm-fq25
Vulnerability from github
Published
2022-05-05 00:29
Modified
2024-04-03 23:58
Severity ?
VLAI Severity ?
Details
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
{
"affected": [],
"aliases": [
"CVE-2013-3587"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-21T18:15:00Z",
"severity": "MODERATE"
},
"details": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \u0026quot;BREACH\u0026quot; attack, a different issue than CVE-2012-4929.",
"id": "GHSA-hh3m-fgxm-fq25",
"modified": "2024-04-03T23:58:19Z",
"published": "2022-05-05T00:29:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3587"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/254895"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1%40%3Cdev.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3Cdev.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K14634"
},
{
"type": "WEB",
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django"
},
{
"type": "WEB",
"url": "http://breachattack.com"
},
{
"type": "WEB",
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"type": "WEB",
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"type": "WEB",
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"type": "WEB",
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/987798"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
wid-sec-w-2024-2086
Vulnerability from csaf_certbund
Published
2024-09-09 22:00
Modified
2024-09-09 22:00
Summary
SAP Patchday September 2024
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff
Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2086 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2086.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2086 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2086"
},
{
"category": "external",
"summary": "SAP Security Patch Day \u2013 September 2024 vom 2024-09-09",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2024.html"
}
],
"source_lang": "en-US",
"title": "SAP Patchday September 2024",
"tracking": {
"current_release_date": "2024-09-09T22:00:00.000+00:00",
"generator": {
"date": "2024-09-10T10:03:41.307+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.6"
}
},
"id": "WID-SEC-W-2024-2086",
"initial_release_date": "2024-09-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-09-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T031077",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-3587",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2013-3587"
},
{
"cve": "CVE-2022-0778",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2022-0778"
},
{
"cve": "CVE-2023-0215",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2023-0215"
},
{
"cve": "CVE-2023-0286",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2024-33003",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-33003"
},
{
"cve": "CVE-2024-41728",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-41728"
},
{
"cve": "CVE-2024-41729",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-41729"
},
{
"cve": "CVE-2024-41730",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-41730"
},
{
"cve": "CVE-2024-42371",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-42371"
},
{
"cve": "CVE-2024-42378",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-42378"
},
{
"cve": "CVE-2024-42380",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-42380"
},
{
"cve": "CVE-2024-44112",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44112"
},
{
"cve": "CVE-2024-44113",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44113"
},
{
"cve": "CVE-2024-44114",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44114"
},
{
"cve": "CVE-2024-44115",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44115"
},
{
"cve": "CVE-2024-44116",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44116"
},
{
"cve": "CVE-2024-44117",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44117"
},
{
"cve": "CVE-2024-44120",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44120"
},
{
"cve": "CVE-2024-44121",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-44121"
},
{
"cve": "CVE-2024-45279",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45279"
},
{
"cve": "CVE-2024-45280",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45280"
},
{
"cve": "CVE-2024-45281",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45281"
},
{
"cve": "CVE-2024-45283",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45283"
},
{
"cve": "CVE-2024-45284",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45284"
},
{
"cve": "CVE-2024-45285",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45285"
},
{
"cve": "CVE-2024-45286",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in SAP-Software. Diese Fehler existieren in verschiedenen Komponenten wie eProcurement, dem NetWeaver Application Server oder der Commerce Cloud, u.a. aufgrund mehrerer sicherheitsrelevanter Probleme wie einer fehlenden Autorisierung, einem dll-Hijacking oder einer fehlenden Authentifizierungspr\u00fcfung und mehr. Ein anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu erzeugen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Einige dieser Sicherheitsl\u00fccken erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T031077"
]
},
"release_date": "2024-09-09T22:00:00.000+00:00",
"title": "CVE-2024-45286"
}
]
}
ncsc-2024-0378
Vulnerability from csaf_ncscnl
Published
2024-09-19 11:37
Modified
2024-09-19 11:37
Summary
Kwetsbaarheden verholpen in SAP producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
SAP heeft kwetsbaarheden verholpen in diverse producten, zoals SAP, Business Warehouse, NetWeaver, HANA, Business Objects en Commerce.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Cross-Site Scripting (XSS)
- Omzeilen van authenticatie
- Omzeilen van beveiligingsmaatregel
- Uitvoer van willekeurige code (gebruikersrechten)
- Toegang tot gevoelige gegevens
Oplossingen
SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CWE-213
Exposure of Sensitive Information Due to Incompatible Policies
CWE-426
Untrusted Search Path
CWE-256
Plaintext Storage of a Password
CWE-325
Missing Cryptographic Step
CWE-862
Missing Authorization
CWE-863
Incorrect Authorization
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "SAP heeft kwetsbaarheden verholpen in diverse producten, zoals SAP, Business Warehouse, NetWeaver, HANA, Business Objects en Commerce.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Cross-Site Scripting (XSS)\n- Omzeilen van authenticatie\n- Omzeilen van beveiligingsmaatregel\n- Uitvoer van willekeurige code (gebruikersrechten)\n- Toegang tot gevoelige gegevens",
"title": "Interpretaties"
},
{
"category": "description",
"text": "SAP heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "general",
"text": "Exposure of Sensitive Information Due to Incompatible Policies",
"title": "CWE-213"
},
{
"category": "general",
"text": "Untrusted Search Path",
"title": "CWE-426"
},
{
"category": "general",
"text": "Plaintext Storage of a Password",
"title": "CWE-256"
},
{
"category": "general",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - sap",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2024.html"
}
],
"title": "Kwetsbaarheden verholpen in SAP producten",
"tracking": {
"current_release_date": "2024-09-19T11:37:39.757598Z",
"id": "NCSC-2024-0378",
"initial_release_date": "2024-09-19T11:37:39.757598Z",
"revision_history": [
{
"date": "2024-09-19T11:37:39.757598Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1637389",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:dw4core_200:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1637390",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:dw4core_300:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1637391",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:dw4core_400:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496469",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496470",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496471",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496473",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496474",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496475",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496476",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496477",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496478",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496479",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496480",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496481",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496482",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_warehouse",
"product": {
"name": "business_warehouse",
"product_id": "CSAFPID-1496483",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:business_warehouse:sap_bw_758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "businessobjects_business_intelligence_platform",
"product": {
"name": "businessobjects_business_intelligence_platform",
"product_id": "CSAFPID-55202",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "commerce_cloud",
"product": {
"name": "commerce_cloud",
"product_id": "CSAFPID-382448",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:commerce_cloud:2211:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-173007",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-173009",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-173010",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-173004",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74446",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74448",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74436",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74454",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74442",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74453",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74434",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74449",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-74432",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-340930",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_abap",
"product": {
"name": "netweaver_application_server_abap",
"product_id": "CSAFPID-1637232",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_abap:912:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262156",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262157",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262158",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262162",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262163",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262164",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262165",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1262166",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637253",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75c:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637250",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75d:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637252",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75e:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637255",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75f:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637254",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75g:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637256",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75h:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_application_server_for_abap",
"product": {
"name": "netweaver_application_server_for_abap",
"product_id": "CSAFPID-1637251",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_application_server_for_abap:75i:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_as_for_java",
"product": {
"name": "netweaver_as_for_java",
"product_id": "CSAFPID-164614",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_as_for_java:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_as_java",
"product": {
"name": "netweaver_as_java",
"product_id": "CSAFPID-837776",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_as_java:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637280",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:dw4core_200:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637282",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:dw4core_300:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637278",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:dw4core_400:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637283",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637284",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637276",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637274",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637287",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637281",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637279",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637273",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637275",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637285",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637288",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637286",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637277",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_bw",
"product": {
"name": "netweaver_bw",
"product_id": "CSAFPID-1637272",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_bw:sap_bw_758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "netweaver_enterprise_portal",
"product": {
"name": "netweaver_enterprise_portal",
"product_id": "CSAFPID-55577",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642792",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:600:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642793",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:602:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642794",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:603:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642795",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:604:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642796",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:605:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642797",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642798",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642799",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642800",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642801",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642802",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642803",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642804",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642805",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:806:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_\\%\\/_gas",
"product": {
"name": "oil_\\%\\/_gas",
"product_id": "CSAFPID-1642806",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_\\%\\/_gas:807:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637374",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:600:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637375",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:602:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637376",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:603:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637377",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:604:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637378",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:605:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637379",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637380",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637381",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637382",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637383",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637384",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637385",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637386",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637387",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:806:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oil_gas",
"product": {
"name": "oil_gas",
"product_id": "CSAFPID-1637388",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:oil_gas:807:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637261",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_605:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637260",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637267",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_616:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637266",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637263",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637264",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637265",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_801:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637262",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637259",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637257",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637268",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:is-pra_805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637258",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:s4cext_106:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637270",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:s4cext_107:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "production_and_revenue_accounting",
"product": {
"name": "production_and_revenue_accounting",
"product_id": "CSAFPID-1637269",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:production_and_revenue_accounting:s4cext_108:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap",
"product": {
"name": "sap",
"product_id": "CSAFPID-1498297",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:sap:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1614510",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475930",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1637289",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475932",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475933",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475927",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475931",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475928",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:806:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475934",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:807:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "student_life_cycle_management",
"product": {
"name": "student_life_cycle_management",
"product_id": "CSAFPID-1475929",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap:student_life_cycle_management:808:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "sap"
},
{
"branches": [
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637073",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:dw4core_200:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637074",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:dw4core_300:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637075",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:dw4core_400:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637076",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637077",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637078",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637079",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637080",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637081",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637082",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637083",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637084",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637085",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637086",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637087",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637088",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_business_warehouse__bex_analyzer_",
"product": {
"name": "sap_business_warehouse__bex_analyzer_",
"product_id": "CSAFPID-1637089",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_business_warehouse__bex_analyzer_:sap_bw_758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_businessobjects_business_intelligence_platform",
"product": {
"name": "sap_businessobjects_business_intelligence_platform",
"product_id": "CSAFPID-1464457",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_businessobjects_business_intelligence_platform:430:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637153",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:600:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637154",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:602:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637155",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:603:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637156",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:604:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637157",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:605:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637158",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637159",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637160",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637161",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637162",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637163",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637164",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637165",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637166",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:806:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_for_oil___gas",
"product": {
"name": "sap_for_oil___gas",
"product_id": "CSAFPID-1637167",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_for_oil___gas:807:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637137",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637138",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637139",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637140",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637141",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637142",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637143",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637144",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637145",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75c:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637146",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75d:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637147",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75e:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637148",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75f:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637149",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75g:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637150",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75h:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product": {
"name": "sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_",
"product_id": "CSAFPID-1637151",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_:75i:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559119",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559120",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559121",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559125",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559126",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559127",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559128",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559129",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559130",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559131",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559132",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1559133",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1637090",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1637091",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product": {
"name": "sap_netweaver_application_server_for_abap_and_abap_platform",
"product_id": "CSAFPID-1637092",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_application_server_for_abap_and_abap_platform:912:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_as_for_java__destination_service_",
"product": {
"name": "sap_netweaver_as_for_java__destination_service_",
"product_id": "CSAFPID-1637194",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_as_for_java__destination_service_:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_as_java__logon_application_",
"product": {
"name": "sap_netweaver_as_java__logon_application_",
"product_id": "CSAFPID-1637152",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_as_java__logon_application_:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637093",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:dw4core_200:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637094",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:dw4core_300:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637095",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:dw4core_400:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637096",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_700:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637097",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_701:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637098",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_702:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637099",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_731:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637100",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_740:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637101",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_750:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637102",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_751:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637103",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_752:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637104",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_753:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637105",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_754:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637106",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_755:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637107",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_756:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637108",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_757:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_bw__bex_analyzer_",
"product": {
"name": "sap_netweaver_bw__bex_analyzer_",
"product_id": "CSAFPID-1637109",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_bw__bex_analyzer_:sap_bw_758:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_netweaver_enterprise_portal",
"product": {
"name": "sap_netweaver_enterprise_portal",
"product_id": "CSAFPID-1550602",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_netweaver_enterprise_portal:7.50:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637171",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_605:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637172",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637173",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_616:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637174",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637175",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637176",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637177",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_801:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637178",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637179",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637180",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637181",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:is-pra_805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637168",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:s4cext_106:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637169",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:s4cext_107:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product": {
"name": "sap_production_and_revenue_accounting__tobin_interface_",
"product_id": "CSAFPID-1637170",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_production_and_revenue_accounting__tobin_interface_:s4cext_108:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4_hana__statutory_reports_",
"product": {
"name": "sap_s_4_hana__statutory_reports_",
"product_id": "CSAFPID-1637136",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4_hana__statutory_reports_:900:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637113",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_102:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637114",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_103:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637115",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_104:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637116",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_105:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637117",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_106:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637118",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_107:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637119",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:s4core_108:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637110",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:sap_appl_606:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637111",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:sap_appl_617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_s_4hana_eprocurement",
"product": {
"name": "sap_s_4hana_eprocurement",
"product_id": "CSAFPID-1637112",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_s_4hana_eprocurement:sap_appl_618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614213",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:617:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614214",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:618:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1637190",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:800:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614215",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:802:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614216",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:803:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614217",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:804:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614218",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:805:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614219",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:806:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614220",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:807:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sap_student_life_cycle_management__slcm_",
"product": {
"name": "sap_student_life_cycle_management__slcm_",
"product_id": "CSAFPID-1614221",
"product_identification_helper": {
"cpe": "cpe:2.3:a:sap_se:sap_student_life_cycle_management__slcm_:808:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "sap_se"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-3587",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"notes": [
{
"category": "other",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1498297",
"CSAFPID-382448"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2013-3587",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2013/CVE-2013-3587.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1498297",
"CSAFPID-382448"
]
}
],
"title": "CVE-2013-3587"
},
{
"cve": "CVE-2024-41728",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41728",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41728.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-41728"
},
{
"cve": "CVE-2024-41729",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637093",
"CSAFPID-1637094",
"CSAFPID-1637095",
"CSAFPID-1637096",
"CSAFPID-1637097",
"CSAFPID-1637098",
"CSAFPID-1637099",
"CSAFPID-1637100",
"CSAFPID-1637101",
"CSAFPID-1637102",
"CSAFPID-1637103",
"CSAFPID-1637104",
"CSAFPID-1637105",
"CSAFPID-1637106",
"CSAFPID-1637107",
"CSAFPID-1637108",
"CSAFPID-1637109",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41729",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41729.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637093",
"CSAFPID-1637094",
"CSAFPID-1637095",
"CSAFPID-1637096",
"CSAFPID-1637097",
"CSAFPID-1637098",
"CSAFPID-1637099",
"CSAFPID-1637100",
"CSAFPID-1637101",
"CSAFPID-1637102",
"CSAFPID-1637103",
"CSAFPID-1637104",
"CSAFPID-1637105",
"CSAFPID-1637106",
"CSAFPID-1637107",
"CSAFPID-1637108",
"CSAFPID-1637109",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-41729"
},
{
"cve": "CVE-2024-42371",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42371",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42371.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-42371"
},
{
"cve": "CVE-2024-42378",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637110",
"CSAFPID-1637111",
"CSAFPID-1637112",
"CSAFPID-1637113",
"CSAFPID-1637114",
"CSAFPID-1637115",
"CSAFPID-1637116",
"CSAFPID-1637117",
"CSAFPID-1637118",
"CSAFPID-1637119",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42378",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42378.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637110",
"CSAFPID-1637111",
"CSAFPID-1637112",
"CSAFPID-1637113",
"CSAFPID-1637114",
"CSAFPID-1637115",
"CSAFPID-1637116",
"CSAFPID-1637117",
"CSAFPID-1637118",
"CSAFPID-1637119",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-42378"
},
{
"cve": "CVE-2024-42380",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42380",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42380.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-42380"
},
{
"cve": "CVE-2024-44112",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637153",
"CSAFPID-1637154",
"CSAFPID-1637155",
"CSAFPID-1637156",
"CSAFPID-1637157",
"CSAFPID-1637158",
"CSAFPID-1637159",
"CSAFPID-1637160",
"CSAFPID-1637161",
"CSAFPID-1637162",
"CSAFPID-1637163",
"CSAFPID-1637164",
"CSAFPID-1637165",
"CSAFPID-1637166",
"CSAFPID-1637167",
"CSAFPID-1498297",
"CSAFPID-1642792",
"CSAFPID-1642793",
"CSAFPID-1642794",
"CSAFPID-1642795",
"CSAFPID-1642796",
"CSAFPID-1642797",
"CSAFPID-1642798",
"CSAFPID-1642799",
"CSAFPID-1642800",
"CSAFPID-1642801",
"CSAFPID-1642802",
"CSAFPID-1642803",
"CSAFPID-1642804",
"CSAFPID-1642805",
"CSAFPID-1642806"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44112",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44112.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637153",
"CSAFPID-1637154",
"CSAFPID-1637155",
"CSAFPID-1637156",
"CSAFPID-1637157",
"CSAFPID-1637158",
"CSAFPID-1637159",
"CSAFPID-1637160",
"CSAFPID-1637161",
"CSAFPID-1637162",
"CSAFPID-1637163",
"CSAFPID-1637164",
"CSAFPID-1637165",
"CSAFPID-1637166",
"CSAFPID-1637167",
"CSAFPID-1498297",
"CSAFPID-1642792",
"CSAFPID-1642793",
"CSAFPID-1642794",
"CSAFPID-1642795",
"CSAFPID-1642796",
"CSAFPID-1642797",
"CSAFPID-1642798",
"CSAFPID-1642799",
"CSAFPID-1642800",
"CSAFPID-1642801",
"CSAFPID-1642802",
"CSAFPID-1642803",
"CSAFPID-1642804",
"CSAFPID-1642805",
"CSAFPID-1642806"
]
}
],
"title": "CVE-2024-44112"
},
{
"cve": "CVE-2024-44113",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CWE-359"
},
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637073",
"CSAFPID-1637074",
"CSAFPID-1637075",
"CSAFPID-1637076",
"CSAFPID-1637077",
"CSAFPID-1637078",
"CSAFPID-1637079",
"CSAFPID-1637080",
"CSAFPID-1637081",
"CSAFPID-1637082",
"CSAFPID-1637083",
"CSAFPID-1637084",
"CSAFPID-1637085",
"CSAFPID-1637086",
"CSAFPID-1637087",
"CSAFPID-1637088",
"CSAFPID-1637089",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44113",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44113.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637073",
"CSAFPID-1637074",
"CSAFPID-1637075",
"CSAFPID-1637076",
"CSAFPID-1637077",
"CSAFPID-1637078",
"CSAFPID-1637079",
"CSAFPID-1637080",
"CSAFPID-1637081",
"CSAFPID-1637082",
"CSAFPID-1637083",
"CSAFPID-1637084",
"CSAFPID-1637085",
"CSAFPID-1637086",
"CSAFPID-1637087",
"CSAFPID-1637088",
"CSAFPID-1637089",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44113"
},
{
"cve": "CVE-2024-44114",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44114",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44114.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44114"
},
{
"cve": "CVE-2024-44115",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44115",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44115"
},
{
"cve": "CVE-2024-44116",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44116",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44116.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74432",
"CSAFPID-173009",
"CSAFPID-340930",
"CSAFPID-173010",
"CSAFPID-74448",
"CSAFPID-74449",
"CSAFPID-74434",
"CSAFPID-1637232",
"CSAFPID-173007",
"CSAFPID-74436",
"CSAFPID-74453",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44116"
},
{
"cve": "CVE-2024-44117",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44117",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44117.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44117"
},
{
"cve": "CVE-2024-44120",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1550602",
"CSAFPID-55577",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44120",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44120.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1550602",
"CSAFPID-55577",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44120"
},
{
"cve": "CVE-2024-44121",
"cwe": {
"id": "CWE-213",
"name": "Exposure of Sensitive Information Due to Incompatible Policies"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information Due to Incompatible Policies",
"title": "CWE-213"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637136",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44121",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44121.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637136",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-44121"
},
{
"cve": "CVE-2024-45279",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637137",
"CSAFPID-1637138",
"CSAFPID-1637139",
"CSAFPID-1637140",
"CSAFPID-1637141",
"CSAFPID-1637142",
"CSAFPID-1637143",
"CSAFPID-1637144",
"CSAFPID-1637145",
"CSAFPID-1637146",
"CSAFPID-1637147",
"CSAFPID-1637148",
"CSAFPID-1637149",
"CSAFPID-1637150",
"CSAFPID-1637151",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45279",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45279.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637137",
"CSAFPID-1637138",
"CSAFPID-1637139",
"CSAFPID-1637140",
"CSAFPID-1637141",
"CSAFPID-1637142",
"CSAFPID-1637143",
"CSAFPID-1637144",
"CSAFPID-1637145",
"CSAFPID-1637146",
"CSAFPID-1637147",
"CSAFPID-1637148",
"CSAFPID-1637149",
"CSAFPID-1637150",
"CSAFPID-1637151",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45279"
},
{
"cve": "CVE-2024-45280",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637152",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45280",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45280.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637152",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45280"
},
{
"cve": "CVE-2024-45281",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"notes": [
{
"category": "other",
"text": "Untrusted Search Path",
"title": "CWE-426"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1464457",
"CSAFPID-55202",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45281",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45281.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1464457",
"CSAFPID-55202",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45281"
},
{
"cve": "CVE-2024-45283",
"cwe": {
"id": "CWE-256",
"name": "Plaintext Storage of a Password"
},
"notes": [
{
"category": "other",
"text": "Plaintext Storage of a Password",
"title": "CWE-256"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637194",
"CSAFPID-164614",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45283",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45283.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637194",
"CSAFPID-164614",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45283"
},
{
"cve": "CVE-2024-45284",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1614213",
"CSAFPID-1614214",
"CSAFPID-1637190",
"CSAFPID-1614215",
"CSAFPID-1614216",
"CSAFPID-1614217",
"CSAFPID-1614218",
"CSAFPID-1614219",
"CSAFPID-1614220",
"CSAFPID-1614221",
"CSAFPID-1614510",
"CSAFPID-1475927",
"CSAFPID-1475928",
"CSAFPID-1475929",
"CSAFPID-1475930",
"CSAFPID-1475931",
"CSAFPID-1475932",
"CSAFPID-1475933",
"CSAFPID-1475934",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45284",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45284.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-1614213",
"CSAFPID-1614214",
"CSAFPID-1637190",
"CSAFPID-1614215",
"CSAFPID-1614216",
"CSAFPID-1614217",
"CSAFPID-1614218",
"CSAFPID-1614219",
"CSAFPID-1614220",
"CSAFPID-1614221",
"CSAFPID-1614510",
"CSAFPID-1475927",
"CSAFPID-1475928",
"CSAFPID-1475929",
"CSAFPID-1475930",
"CSAFPID-1475931",
"CSAFPID-1475932",
"CSAFPID-1475933",
"CSAFPID-1475934",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45284"
},
{
"cve": "CVE-2024-45285",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45285",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45285.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1559119",
"CSAFPID-1559120",
"CSAFPID-1559121",
"CSAFPID-1559125",
"CSAFPID-1559126",
"CSAFPID-1559127",
"CSAFPID-1559128",
"CSAFPID-1559129",
"CSAFPID-1559130",
"CSAFPID-1559131",
"CSAFPID-1559132",
"CSAFPID-1559133",
"CSAFPID-1637090",
"CSAFPID-1637091",
"CSAFPID-1637092",
"CSAFPID-173007",
"CSAFPID-173009",
"CSAFPID-173010",
"CSAFPID-173004",
"CSAFPID-74446",
"CSAFPID-74448",
"CSAFPID-74436",
"CSAFPID-74454",
"CSAFPID-74442",
"CSAFPID-74453",
"CSAFPID-74434",
"CSAFPID-74449",
"CSAFPID-74432",
"CSAFPID-340930",
"CSAFPID-1637232",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45285"
},
{
"cve": "CVE-2024-45286",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637168",
"CSAFPID-1637169",
"CSAFPID-1637170",
"CSAFPID-1637171",
"CSAFPID-1637172",
"CSAFPID-1637173",
"CSAFPID-1637174",
"CSAFPID-1637175",
"CSAFPID-1637176",
"CSAFPID-1637177",
"CSAFPID-1637178",
"CSAFPID-1637179",
"CSAFPID-1637180",
"CSAFPID-1637181",
"CSAFPID-1498297"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45286",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45286.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637168",
"CSAFPID-1637169",
"CSAFPID-1637170",
"CSAFPID-1637171",
"CSAFPID-1637172",
"CSAFPID-1637173",
"CSAFPID-1637174",
"CSAFPID-1637175",
"CSAFPID-1637176",
"CSAFPID-1637177",
"CSAFPID-1637178",
"CSAFPID-1637179",
"CSAFPID-1637180",
"CSAFPID-1637181",
"CSAFPID-1498297"
]
}
],
"title": "CVE-2024-45286"
}
]
}
gsd-2013-3587
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-3587",
"description": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929.",
"id": "GSD-2013-3587",
"references": [
"https://www.suse.com/security/cve/CVE-2013-3587.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2013-3587"
],
"details": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929.",
"id": "GSD-2013-3587",
"modified": "2023-12-13T01:22:22.818313Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HTTPS protocol",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://breachattack.com/",
"refsource": "MISC",
"url": "http://breachattack.com/"
},
{
"name": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407",
"refsource": "MISC",
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"name": "http://slashdot.org/story/13/08/05/233216",
"refsource": "MISC",
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"name": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf",
"refsource": "MISC",
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"name": "https://www.blackhat.com/us-13/briefings.html#Prado",
"refsource": "MISC",
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"name": "http://github.com/meldium/breach-mitigation-rails",
"refsource": "MISC",
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"name": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/",
"refsource": "MISC",
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
},
{
"name": "http://www.kb.cert.org/vuls/id/987798",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"name": "https://hackerone.com/reports/254895",
"refsource": "MISC",
"url": "https://hackerone.com/reports/254895"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=995168",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"name": "https://support.f5.com/csp/article/K14634",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K14634"
},
{
"name": "[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3Cdev.httpd.apache.org%3E"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.2.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.6.1",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.4.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.4.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.4.8",
"versionStartIncluding": "9.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:firepass:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:firepass:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.3.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:arx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3587"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407"
},
{
"name": "http://slashdot.org/story/13/08/05/233216",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://slashdot.org/story/13/08/05/233216"
},
{
"name": "http://breachattack.com/",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://breachattack.com/"
},
{
"name": "https://www.blackhat.com/us-13/briefings.html#Prado",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.blackhat.com/us-13/briefings.html#Prado"
},
{
"name": "https://hackerone.com/reports/254895",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/254895"
},
{
"name": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf"
},
{
"name": "http://www.kb.cert.org/vuls/id/987798",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/987798"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=995168",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168"
},
{
"name": "https://support.f5.com/csp/article/K14634",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K14634"
},
{
"name": "http://github.com/meldium/breach-mitigation-rails",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://github.com/meldium/breach-mitigation-rails"
},
{
"name": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/"
},
{
"name": "[httpd-dev] 20210409 GSOC project Idea- fix for CVE-2013-3587",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r7f0e9cfd166934172d43ca4c272b8bdda4a343036229d9937affd1e1@%3Cdev.httpd.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-01-01T19:44Z",
"publishedDate": "2020-02-21T18:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…